From bb49c6710898bf3d9aa52280579441e04bd280e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Fri, 19 Sep 2025 09:18:32 +0200
Subject: [PATCH] Removed Microsoft X-XSS-Protection header, as it is not
 recommended on modern browsers anymore and is considered deprecated

---
 config/packages/nelmio_security.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml
index c283cd8e..6b2b7337 100644
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -20,12 +20,6 @@ nelmio_security:
             - 'digikey.com'
             - 'nexar.com'
 
-    # forces Microsoft's XSS-Protection with
-    # its block mode
-    xss_protection:
-        enabled: true
-        mode_block: true
-
     # Send a full URL in the `Referer` header when performing a same-origin request,
     # only send the origin of the document to secure destination (HTTPS->HTTPS),
     # and send no header to a less secure destination (HTTPS->HTTP).