diff --git a/service/nginx/container/config/server.conf b/service/nginx/container/config/server.conf
index 40ad763..c52f6f8 100644
--- a/service/nginx/container/config/server.conf
+++ b/service/nginx/container/config/server.conf
@@ -58,15 +58,6 @@ add_header X-Content-Type-Options nosniff always;
 
 add_header X-Frame-Options $x_frame_options always;
 
-# Protect website reflected Cross-Site Scripting (XSS) attacks.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
-# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
-# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
-
-add_header X-XSS-Protection $x_xss_protection always;
-
 # Block access to all hidden files and directories except for the
 # visible content from within the `/.well-known/` hidden directory.
 #