7.4+: The X-XSS-Protection header and the related system property will be removed from DXP 7.4.
7.0-7.3: No patch required.
Enabling the HTTP header `X-XSS-Protection` is no longer recommended. To disable, set the following in system-ext.properties:
The X-XSS-Protection header has been full deprecated and only Safari still supports this header. The header also introduces additional security vulnerabilities
For more details see: