﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30680	Remove security.W007 check.	Adam Johnson	Adnan Umer	"As discussed in #30426, it seems that the X-Xss-Protection security header is no longer industry best practice, as major browsers are removing their XSS auditors and security professionals no longer recommend it:

* Scott Helme has stopped requiring it on SecurityHeaders.com - https://scotthelme.co.uk/security-headers-updates/
* Chrome is removing their XSS Auditor - https://bugs.chromium.org/p/chromium/issues/detail?id=968591
* Edge already removed their XSS auditor
* This is all because the protection is minimal and the false positives tend to be damaging - https://frederik-braun.com/xssauditor-bad.html

As suggested by Ran on #30426, rather than enforce the setting `SECURE_BROWSER_XSS_FILTER`, we should actually be looking at removing the check `security.W007` so users have one less thing to think about for a modern security posture."	Cleanup/optimization	closed	Core (System checks)	dev	Normal	fixed			Accepted	1	0	0	0	1	0
