b548938539
# X-XSS-Protection Even though this feature can protect users of older web browsers that don't yet support CSP, in some cases, XSS protection can create XSS vulnerabilities in otherwise safe websites. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection https://thexssrat.medium.com/x-xss-protection-headers-protection-or-vulnerability-bc7213951320 Chrome has removed their XSS Auditor Firefox has not, and will not implement X-XSS-Protection Edge has retired its XSS filter. # X-Download-Options Microsoft announced the retirement of Internet Explorer and it's rendered inoperable since June 15, 2022. So, we may safely remove this IE 8 specific HTTP Header too.