favicon.ico、robots.txt、sitemap.xmlなどのファイルはXSSに対して脆弱ですか？

アプリに対するZapスキャンで、サイトマップとファビコンに「WebブラウザーXSS保護が有効になっていません」の脆弱性が検出されました。これらのURLを無視しても安全ですか、それともアプリが脆弱であることを意味しますか？

これがファビコンの完全な出力です：

{'long_description':
  "The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser's XSS protection mechanism.
  The following values would attempt to enable it: 
    X-XSS-Protection: 1; mode=block
    X-XSS-Protection: 1; report=http://www.example.com/xss
  The following values would disable it:
    X-XSS-Protection: 0
  The X-XSS-Protection HTTP response header is currently supported on Internet Explorer, Chrome and Safari (WebKit).
  Note that this alert is only raised if the response body could potentially contain an XSS payload
  (with a text-based content type, with a non-zero length)."
'method': 'GET'
'pluginId': '10016',
'cweid': '933',
'confidence': 'Medium',
'wascid': '14',
'description': "Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection'
  HTTP response header on the web server"
'url': 'http://xxx.xxx.xxx.xxx/favicon.ico',
'reference': 'https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet\nhttps://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/',
'solution': "Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.",
'name': 'Web Browser XSS Protection Not Enabled', 'risk': 'Low', 'id': '0'}