Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here since it's recommended to not use this header anymore.