As a vulnerability scanning software we have to constantly develop to keep up with the latest threats and updates. Recently we removed support for the X-XSS-Protection header.
What does the X-XSS-Protection header do?
The X-XSS-Protection header enables a XSS detection feature in the browser, which prevents some categories of XSS attacks.
Why is it being removed?
What browsers still support it?
You can stay up to date with the latest data here: https://github.com/mdn/browser-compat-data
What to do instead?
Enabling a strong content-security-policy header will offer you protection against XSS. You can read more about enabling security headers here: https://wiki.crashtest-security.com/enable-security-headers