From cb8b8c7ebba42a7a987d2d99afc4787a07f8e466 Mon Sep 17 00:00:00 2001
From: James Force <jforce@redhat.com>
Date: Thu, 31 Jul 2025 10:52:51 +0100
Subject: [PATCH] Remove ancient deprecated header

Removes `X-XSS-Protection` and thus addresses #195
---
 pkg/server/headers/headers.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/server/headers/headers.go b/pkg/server/headers/headers.go
index 46ca36322..e2d14a7c9 100644
--- a/pkg/server/headers/headers.go
+++ b/pkg/server/headers/headers.go
@@ -16,7 +16,6 @@ var standardHeaders = map[string]string{
 	// Add other basic security hygiene headers
 	"X-Content-Type-Options": "nosniff",
 	"X-DNS-Prefetch-Control": "off",
-	"X-XSS-Protection":       "1; mode=block",
 }
 
 func WithStandardHeaders(handler http.Handler) http.Handler {