diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e34c968708..050494b347 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -19,6 +19,11 @@ Fixed
 Contributed by @S-T-A-R-L-O-R-D
+
+* Fixed ``st2client/st2client/base.py`` file to use ``https_proxy``(not ``http_proxy``) to check HTTPS_PROXY environment variables.
+
+ Contributed by @wfgydbu
+
 Added
 ~~~~~
@@ -70,6 +75,10 @@ Changed
 Contributed by @cognifloyd
+* Changed the `X-XSS-Protection` HTTP header from `1; mode=block` to `0` in the `conf/nginx/st2.conf` to align with the OWASP security standards. #5298
+
+ Contributed by @LiamRiddell
+
 3.7.0 - May 05, 2022
 --------------------
diff --git a/conf/nginx/st2.conf b/conf/nginx/st2.conf
index 41f8bcf6a3..fc2243068a 100644
--- a/conf/nginx/st2.conf
+++ b/conf/nginx/st2.conf
@@ -49,7 +49,7 @@ server {
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options DENY always;
 add_header Strict-Transport-Security "max-age=3153600;includeSubDomains";
-add_header X-XSS-Protection "1; mode=block";
+add_header X-XSS-Protection "0";
 location @apiError {
 add_header Content-Type application/json always;
diff --git a/st2client/st2client/base.py b/st2client/st2client/base.py
index ba9cd821c3..4dfd0e95ae 100644
--- a/st2client/st2client/base.py
+++ b/st2client/st2client/base.py
@@ -453,6 +453,6 @@ def _print_client_settings(self, args):
 )
 print(
 "HTTPS_PROXY: %s"
-% (os.environ.get("http_proxy", os.environ.get("HTTPS_PROXY", "")))
+% (os.environ.get("https_proxy", os.environ.get("HTTPS_PROXY", "")))
 )
 print("")
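Review bot: The new `add_header X-XSS-Protection "0";` line omits the `always` flag, so nginx emits it only on 2xx/3xx responses, unlike the neighbouring `X-Frame-Options DENY always`; since the intent is to explicitly switch the legacy auditor off, the header should go out on error responses too: `add_header X-XSS-Protection "0" always;`. The same `always` inconsistency affects the `X-Content-Type-Options` and `Strict-Transport-Security` lines in the same hunk. Note also that the `location @apiError` block defines its own `add_header`, and in nginx a level that declares any `add_header` does not inherit the parent's, so none of the server-level security headers apply to responses served from that location unless they are repeated there — worth confirming against the full config. Unrelated to this change but visible as context, the HSTS `max-age=3153600` is roughly 36 days; if one year was intended the value is `31536000`. The enclosing `server` block starts before this hunk.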
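Review bot: The corrected line prints the `https_proxy`/`HTTPS_PROXY` value verbatim, and proxy URLs commonly embed credentials as `user:password@host`, so this settings dump can leak a proxy secret into terminals, CI logs or support bundles; consider redacting the userinfo part (for example via `urllib.parse.urlsplit` and rebuilding the netloc without the password) before printing, and applying the same treatment to the HTTP_PROXY line that presumably precedes this hunk. The lowercase-then-uppercase lookup order now matches the convention used by `urllib`/`requests`, which is the right fix; a short comment such as `# lowercase form takes precedence, as in urllib.request.getproxies()` would make that ordering deliberate rather than accidental. `_print_client_settings` starts before this hunk.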