X-XSS-Protection Middleware

library 2.0.0 · javascript
verified May 27, 2026

This package provides an Express middleware that sets the `X-XSS-Protection` HTTP header to `0`, which tells browsers to turn off their legacy XSS filter. The header was once intended to mitigate cross-site scripting (XSS) attacks, but browser vendors have largely deprecated it because it tended to introduce new security vulnerabilities rather than solve them. The package is part of the Helmet.js project, a collection of middlewares for securing Express apps.

The current stable version is 2.0.0. Releases are infrequent and mostly cover Node.js compatibility or critical bug fixes, since the core functionality (disabling a header) is stable and intentionally minimal. What sets the package apart is that it explicitly recommends and implements switching off a problematic legacy security feature, in contrast with older practice that advocated enabling it. It is a targeted solution for modern web security practice, where XSS mitigation is handled by Content Security Policy (CSP) and robust input sanitization instead of this unreliable header.
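The behaviour described above, as an added example that is not the package's own source: a dependency-free stand-in middleware with the Connect/Express `(req, res, next)` signature, plus a small audit helper that flags responses still enabling the legacy filter or lacking a CSP. The names `disableXssFilter`, `auditXssHeaders` and `headersAfterMiddleware` and the sample headers are assumptions made for this illustration.

```javascript
// Added example: stand-in for the middleware's behaviour, not the package's source.
// Connect/Express-style signature (req, res, next); all names here are hypothetical.
function disableXssFilter(req, res, next) {
  // An explicit "0" tells legacy browsers to switch their XSS filter off.
  res.setHeader('X-XSS-Protection', '0');
  next();
}

// Audit one response's headers (plain object, any key casing) and return findings.
function auditXssHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const xxp = h['x-xss-protection'];
  if (xxp === undefined) {
    findings.push('x-xss-protection not set: legacy filter left at the browser default');
  } else if (xxp.split(';')[0].trim() !== '0') {
    // Covers "1", "1; mode=block" and "1; report=<uri>".
    findings.push(`x-xss-protection "${xxp}" enables the legacy filter: set it to 0`);
  }
  if (!h['content-security-policy']) {
    findings.push('no content-security-policy header');
  }
  return findings;
}

// Drive the middleware with a minimal fake response object and return the headers.
function headersAfterMiddleware(initial) {
  const out = { ...initial };
  const res = { setHeader: (name, value) => { out[name] = value; } };
  let called = false;
  disableXssFilter({}, res, () => { called = true; });
  if (!called) throw new Error('next() was not called');
  return out;
}

// Constructed sample responses: one legacy configuration, one after the middleware.
const samples = {
  legacy: { 'X-XSS-Protection': '1; mode=block' },
  hardened: headersAfterMiddleware({ 'Content-Security-Policy': "default-src 'self'" }),
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, auditXssHeaders(headers));
}
```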
