Solve syntax issues with X-XSS-Protection header

The following error is shown in the javascript console when loading the todo web app:

Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.

Seems caused by combination of the NodeJS helmet module and the MindSphere Gateway decorating the answer, ending with invalid syntax and mode=block twice in the header.