Hi, I think this setting and its functionality could be removed without a deprecation.
Django's docs says, "Modern browsers don’t honor X-XSS-Protection HTTP header anymore. Although the setting offers little practical benefit, you may still want to set the header if you support older browsers." https://docs.djangoproject.com/en/3.2/ref/settings/#secure-browser-xss-filter According to Mozilla's docs, the header is supported by IE8 and Safari. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection In Django 3.0, the system check that suggested using this setting was removed: https://code.djangoproject.com/ticket/30680. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/bb6d7e16-7f8a-4c20-a3a6-4ebe3b2f05c2n%40googlegroups.com.
