Remove XSS-protection because it's not supported by any browser - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection All API endpoints are protected by https://helmetjs.github.io/ , no need to double in nginx.
Remove XSS-protection because it's not supported by any browser - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection All API endpoints are protected by https://helmetjs.github.io/ , no need to double in nginx.