Remove x-xss-protection header from default headers in httpapi (SYN-4641)

[vEpiphyte]

The x-xss-protection header is not supported by most browsers and is a non-standard header ( see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection ). This can be added to a service with the https:headers if a user needs it for a given deployment.

[codecov]

Codecov Report

Base: 97.21% // Head: 97.11% // Decreases project coverage by -0.11% ⚠️

Coverage data is based on head (ac7c5b9) compared to base (876f388).
Patch has no changes to coverable lines.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2997      +/-   ##
==========================================
- Coverage   97.21%   97.11%   -0.11%     
==========================================
  Files         218      218              
  Lines       43205    43204       -1     
==========================================
- Hits        42003    41957      -46     
- Misses       1202     1247      +45     

Flag	Coverage Δ
linux	97.11% <ø> (+<0.01%)	⬆️
linux_replay	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
synapse/lib/httpapi.py	96.25% <ø> (-0.01%)	⬇️
synapse/tests/utils.py	94.46% <0.00%> (-1.89%)	⬇️
synapse/cortex.py	96.68% <0.00%> (-0.55%)	⬇️
synapse/lib/hiveauth.py	96.01% <0.00%> (-0.48%)	⬇️
synapse/lib/oauth.py	98.68% <0.00%> (-0.44%)	⬇️
synapse/lib/trigger.py	95.01% <0.00%> (-0.39%)	⬇️
synapse/lib/view.py	97.01% <0.00%> (-0.34%)	⬇️
synapse/lib/jsonstor.py	98.32% <0.00%> (-0.24%)	⬇️
synapse/axon.py	98.73% <0.00%> (-0.15%)	⬇️
synapse/lib/layer.py	96.99% <0.00%> (-0.05%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.