From 669ebf6b80cf9e3614448312bf326e93f36ca0ad Mon Sep 17 00:00:00 2001
From: Maru Alka
Date: Thu, 29 Sep 2022 12:34:57 +0200
Subject: [PATCH] Disable XSS-Protection Header

see notes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Signed-off-by: Maru Alka
---
 admin_manual/installation/nginx-root.conf.sample | 1 -
 admin_manual/installation/nginx-subdir.conf.sample | 1 -
 2 files changed, 2 deletions(-)

diff --git a/admin_manual/installation/nginx-root.conf.sample b/admin_manual/installation/nginx-root.conf.sample
index a9db15e74..7c22f840c 100644
--- a/admin_manual/installation/nginx-root.conf.sample
+++ b/admin_manual/installation/nginx-root.conf.sample
@@ -79,7 +79,6 @@ server {
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
diff --git a/admin_manual/installation/nginx-subdir.conf.sample b/admin_manual/installation/nginx-subdir.conf.sample
index afe3bc070..4a0d2a828 100644
--- a/admin_manual/installation/nginx-subdir.conf.sample
+++ b/admin_manual/installation/nginx-subdir.conf.sample
@@ -111,7 +111,6 @@ server {
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;