From 3af3bbfcf11ccbdd8cc3b40c4fc2982644288583 Mon Sep 17 00:00:00 2001
From: Aleksander Karlsson <AMKA@equinor.com>
Date: Tue, 23 Sep 2025 07:44:06 +0200
Subject: [PATCH] Update security.conf

Option is no longer recommended as per:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection

It might make sense to have it still though, I have not checked your configuration extensively.

Signed-off-by: Aleksander Karlsson <AMKA@equinor.com>
---
 web/nginx/config/security.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web/nginx/config/security.conf b/web/nginx/config/security.conf
index 28464e43..b6a1412a 100644
--- a/web/nginx/config/security.conf
+++ b/web/nginx/config/security.conf
@@ -1,5 +1,4 @@
 # security headers
-add_header X-XSS-Protection             "1; mode=block" always;
 add_header X-Content-Type-Options       "nosniff" always;
 add_header Referrer-Policy              "no-referrer-when-downgrade" always;
 add_header Permissions-Policy           "interest-cohort=()" always;