The Mozilla Developer Network describes the X-XSS-Protection header like this:

Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the things that the code comprising the site is allowed to do.

source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

This header is non-trivial, and documentation for it is a work in progress.