diff --git a/puppet/zulip/files/nginx/zulip-include-common/headers b/puppet/zulip/files/nginx/zulip-include-common/headers
index e684f9500f..70cd3b98f5 100644
--- a/puppet/zulip/files/nginx/zulip-include-common/headers
+++ b/puppet/zulip/files/nginx/zulip-include-common/headers
@@ -5,4 +5,3 @@ add_header Strict-Transport-Security max-age=15768000 always;
 add_header X-Frame-Options DENY always;
 
 add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
diff --git a/tools/ci/success-http-headers.template.txt b/tools/ci/success-http-headers.template.txt
index 5fc4d8edd0..950d8690c6 100644
--- a/tools/ci/success-http-headers.template.txt
+++ b/tools/ci/success-http-headers.template.txt
@@ -7,7 +7,6 @@ content-language: en
 strict-transport-security: max-age=15768000
 x-frame-options: DENY
 x-content-type-options: nosniff
-x-xss-protection: 1; mode=block
 access-control-allow-origin: *
 access-control-allow-headers: Authorization
 access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD