From 194884293f7384a7c93aaa7cbaf0a3d9904b4398 Mon Sep 17 00:00:00 2001
From: Kharec
Date: Wed, 6 May 2026 20:13:56 +0200
Subject: [PATCH] test(e2e): align security header checks with CSP-only XSS defense
---
 internal/e2e/security_test.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/internal/e2e/security_test.go b/internal/e2e/security_test.go
index 39d839d..044d481 100644
--- a/internal/e2e/security_test.go
+++ b/internal/e2e/security_test.go
@@ -547,7 +547,6 @@ func TestE2E_SecurityHeadersEnhanced(t *testing.T) {
 expectedHeaders := map[string]string{
 "X-Content-Type-Options": "nosniff",
 "X-Frame-Options": "DENY",
- "X-XSS-Protection": "1; mode=block",
 "Referrer-Policy": "strict-origin-when-cross-origin",
 }
 
@@ -707,7 +706,6 @@ func TestE2E_SecurityHeaderCombinations(t *testing.T) {
 requiredHeaders := []string{
 "X-Content-Type-Options",
 "X-Frame-Options",
- "X-XSS-Protection",
 "Referrer-Policy",
 "Content-Security-Policy",
 }