From b5b64eba5bacb3ad3502248e756888fa70aa9bf6 Mon Sep 17 00:00:00 2001
From: Alex Palaistras <alex@deuill.org>
Date: Sat, 25 Mar 2023 14:28:12 +0000
Subject: [PATCH] nginx: Remove deprecated XSS protection block

---
 service/nginx/container/config/server.conf | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/service/nginx/container/config/server.conf b/service/nginx/container/config/server.conf
index 40ad763..c52f6f8 100644
--- a/service/nginx/container/config/server.conf
+++ b/service/nginx/container/config/server.conf
@@ -58,15 +58,6 @@ add_header X-Content-Type-Options nosniff always;
 
 add_header X-Frame-Options $x_frame_options always;
 
-# Protect website reflected Cross-Site Scripting (XSS) attacks.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
-# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
-# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
-
-add_header X-XSS-Protection $x_xss_protection always;
-
 # Block access to all hidden files and directories except for the
 # visible content from within the `/.well-known/` hidden directory.
 #