Don't send the `X-XSS-Protection` http header anymore.