Following a decision by Google Chrome developers to disable Auditor, developers should be able to disable the auditor for older browsers and set it to 0.
The X-XSS-PROTECTION header was found to have a multitude of issues, instead of helping the developers protect their application.
The following discussion describes the issue at hand with more references: OWASP/CheatSheetSeries#376
A PR is currently open to tackle the issue at the CheatSheet Series project: OWASP/CheatSheetSeries#378

If approved, we can help with creating a PR for this issue.
Available for further discussions 😄