diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index ec58b308..44b6b7ee 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -117,7 +117,6 @@ http {
       add_header X-Frame-Options 'SAMEORIGIN';
       add_header X-Content-Type-Options 'nosniff';
       add_header X-Permitted-Cross-Domain-Policies 'none';
-      add_header X-XSS-Protection '1; mode=block';
       add_header Referrer-Policy 'same-origin';
 
       # mozilla autoconfiguration
diff --git a/towncrier/newsfragments/2338.misc b/towncrier/newsfragments/2338.misc
new file mode 100644
index 00000000..70d895e0
--- /dev/null
+++ b/towncrier/newsfragments/2338.misc
@@ -0,0 +1 @@
+Don't send the `X-XSS-Protection` http header anymore. 
\ No newline at end of file