Description
Describe the problem that you experienced
As per Angular's security guide which says,
Cross-site script inclusion, also known as JSON vulnerability, can allow an attacker's website to read data from a JSON API. The attack works on older browsers by overriding built-in JavaScript object constructors, and then including an API URL using a `<script>` tag.
As I understand it, JSON hijacking was possible by overriding the JavaScript Array constructor. Since it is fixed in modern browsers which support ES5, is this section still relevant? Is it still recommended to have a JSON prefix for all JSON HTTP responses?
References:
https://security.stackexchange.com/questions/155518/why-json-hijacking-attack-doesnt-work-in-modern-browsers-how-was-it-fixed
https://security.stackexchange.com/questions/159609/how-is-it-possible-to-poison-javascript-array-constructor-and-how-does-ecmascrip
Enter the URL of the topic with the problem
https://angular.io/guide/security#cross-site-script-inclusion-xssi
Describe what you were looking for in the documentation
No response
Describe the actions that led you to experience the problem
No response
Describe what you want to experience that would fix the problem
No response
Add a screenshot if that helps illustrate the problem
No response
If this problem caused an exception or error, please paste it here
No response
If the problem is browser-specific, please specify the device, OS, browser, and version
No response
Provide any additional information here in as much as detail as you can
No response
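The prefix mechanism that the linked guide section refers to, as an added TypeScript example that is not Angular's own code: it assumes the conventional `)]}',\n` prefix and a constructed array payload, and shows that a bare JSON array body compiles as a JavaScript program (which is what the old `<script>`-inclusion attack relied on) while the prefixed body is a syntax error, with the client stripping the prefix before parsing, the way an HttpClient-style backend does.

```typescript
// Added example, not Angular's code. The prefix value below is the
// conventional one; the payloads are constructed for illustration.
const XSSI_PREFIX = ")]}',\n";

// Server side: put the non-executable prefix in front of the JSON body.
function serializeWithXssiPrefix(data: unknown): string {
  return XSSI_PREFIX + JSON.stringify(data);
}

// Client side: strip the prefix if present, then parse as usual. A client
// that does not know about the prefix would fail with a JSON.parse error,
// which is the intended behaviour for anything other than the legitimate app.
function parseXssiProtected(body: string): unknown {
  const stripped = body.startsWith(XSSI_PREFIX)
    ? body.slice(XSSI_PREFIX.length)
    : body;
  return JSON.parse(stripped);
}

// Reports whether a response body would even compile as a script, which is
// the precondition for a <script src="https://api/..."> inclusion to execute.
// The Function constructor is used only to check parseability; the body is
// never invoked. Note that a top-level JSON *object* (`{"a":1}`) is already a
// syntax error as a program, which is why historical attacks targeted arrays.
function isExecutableAsScript(body: string): boolean {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}
```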