Fix
X-XSS-Protection (legacy)
Legacy header that controlled the XSS filters built into old browsers. Modern browsers ignore it; Content-Security-Policy (CSP) is the modern defense.
Info
Category: general
Recommended fix
- Do not rely on this header for security.
- If you keep it for legacy compatibility, avoid unsafe configurations.
Example (legacy only)
X-XSS-Protection: 0
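
A header check that follows the two recommendations above, as an added example that is not part of the original page: it flags responses that send X-XSS-Protection without a Content-Security-Policy, and values other than the 0 shown in the example. The function name, finding strings and sample responses are constructed for illustration; treating every non-0 value as a finding is this example's assumption.

```python
def audit_xss_protection(headers):
    """Return findings for one response.

    `headers` is a list of (name, value) pairs, so repeated headers stay visible.
    """
    findings = []
    # Exact-name match: Content-Security-Policy-Report-Only does not enforce
    # anything, so it is deliberately not counted as CSP here.
    names = {name.lower() for name, _ in headers}
    # Proxies and HTTP libraries may fold repeated headers into one
    # comma-joined value, so split on "," to recover each instance.
    values = [part.strip()
              for name, value in headers if name.lower() == "x-xss-protection"
              for part in value.split(",")]

    if values and "content-security-policy" not in names:
        findings.append("relies on X-XSS-Protection: no Content-Security-Policy sent")
    if len(values) > 1:
        findings.append("X-XSS-Protection sent %d times" % len(values))
    for value in values:
        # The token before the first ';' is the on/off switch.
        switch = value.split(";", 1)[0].strip()
        if switch != "0":
            findings.append("X-XSS-Protection value %r is not 0" % value)
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "legacy-only": [("X-XSS-Protection", "1; mode=block")],
    "folded": [("x-xss-protection", "1, 0"),
               ("Content-Security-Policy", "default-src 'self'")],
    "page-example": [("X-XSS-Protection", "0"),
                     ("Content-Security-Policy", "default-src 'self'")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, audit_xss_protection(headers) or "ok")
```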