docs/api/xssProtection.md
## `xssProtection`
### Default
`1; mode=block`
### Description
`xssProtection` controls the value of the `X-XSS-Protection` header. This header is mostly for backwards compatibility. It enables some security features in older browsers that dobn't support CSP.
Set to `false` to disable the `X-XSS-Protection` header.