id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32678	Remove SECURE_BROWSER_XSS_FILTER setting (X-XSS-Protection header support)	Tim Graham	Tim Graham	"As proposed on [https://groups.google.com/g/django-developers/c/Y5ewyst1gbg/m/ciqn-pwLBAAJ django-developers], remove this setting and its functionality without a deprecation.

Django's docs says, ""Modern browsers don’t honor X-XSS-Protection HTTP header anymore. Although the setting offers little practical benefit, you may still want to set the header if you support older browsers.""
https://docs.djangoproject.com/en/3.2/ref/settings/#secure-browser-xss-filter

According to Mozilla's docs, the header is supported by IE8 and Safari.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

In Django 3.0, the system check that suggested using this setting was removed (#30680)."	Cleanup/optimization	closed	HTTP handling	dev	Normal	fixed	security, xss		Ready for checkin	1	0	0	0	1	0