since oC10.7 I’ve got a warning in the general section of the admin about the HTTP header X-XSS-Protection.
Usually I set this header to
1; mode=block which prevent rendering of the page if an attack is detected.
According to Mozilla documentation it seems about right.
Why is ownCloud advising the value of 0 ? It could lead to XSS attacks.
its deprecated and does not not work in modern browsers anymore
Here you can see more details if you click on response headers tab:
Credit goes to @rkaussow and @corby