From ae3ef391ee4bed52727274e04dca5f71091124a7 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik+github@kernstock.net>
Date: Thu, 13 Nov 2025 15:16:44 +0100
Subject: [PATCH] Remove deprecated 'X-XSS-Protection' header (#6871)

---
 data/conf/nginx/templates/sites-default.conf.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2
index 23fe7b788..f3d734528 100644
--- a/data/conf/nginx/templates/sites-default.conf.j2
+++ b/data/conf/nginx/templates/sites-default.conf.j2
@@ -14,7 +14,6 @@ ssl_session_tickets off;
 
 add_header Strict-Transport-Security "max-age=15768000;";
 add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN" always;