From e2927be065cf2bfa297d01f874228fed392ff0cd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 8 Jun 2025 10:37:12 +0200
Subject: [PATCH] Remove X-XSS-Protection header from .htaccess (#9875)

---
 public_html/.htaccess | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/public_html/.htaccess b/public_html/.htaccess
index 9b68c6938..e6d4b02a5 100644
--- a/public_html/.htaccess
+++ b/public_html/.htaccess
@@ -45,10 +45,6 @@ Header set X-Robots-Tag "noindex, nofollow"
 # Only template - fill with your values
 #Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
 
-# X-Xss-Protection
-# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). 
-#Header set X-XSS-Protection "1; mode=block"
-
 # X-Frame-Options
 # The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
 # Already set by php code! Do not activate both options