Change of security related headers & comment out

The X-CSP was stopping Firefox from working, complained about a CSP in
Emmet
Changed the security items, then found none were needed, so commented
out

lib/settings.php

@@ -15,9 +15,9 @@ $context = stream_context_create(array('http'=>
 	)
 ));
 
-// Set a policy of allowing scripts on the same domain
-// header("X-XSS-Protection: 0"); // Turn off XSS filter
-header("X-Content-Security-Policy: allow 'self'");
+// Set our security related headers, none activated
+// header("frame-options: SAMEORIGIN");
+// header("XSS-Protection: 1; mode=block");
 
 // Start a session if we haven't already
 if(!isset($_SESSION)) {@session_start();}