This header is non-standard and should not be used. Instead, it is recommended to use a header.
For more information about the X-XSS-Protection header, and why it should not be used, see .
This health check can be fixed by ensuring no middleware adds the header.
