1; mode=block
xssProtection controls the value of the X-XSS-Protection header. This header is mostly for backwards compatibility. It enables some security features in older browsers that dobn't support CSP.
Set to false to disable the X-XSS-Protection header.