Modification of X-XSS Protection best practice configuration

According to OWASP Secure Headers Project the X-XSS header should be set as **X-XSS-Protection: 0** and therefore should not be penalized by the scoring methodology. A counterproposal would be to give more weight to CSP.

Source:
https://owasp.org/www-project-secure-headers/#x-xss-protection
