diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index f76bb90ef8f..72a7327a1a1 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1084,7 +1084,7 @@ function top_httphead($contenttype='text/html', $forcenocache=0)
 	// Security options
 	header("X-Content-Type-Options: nosniff");  // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
 	header("X-Frame-Options: SAMEORIGIN");      // Frames allowed only if on same domain (stop some XSS attacks)
-	header("X-XSS-Protection: 1");      		// Enable XSS protection of some browsers (note: use of Content-Security-Policy is more efficient)
+	//header("X-XSS-Protection: 1");      		// XSS protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
 	if (! defined('FORCECSP'))
 	{
 		//if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))