Should I Disable X-XSS-Protection Header or Set It as X-XSS-Protection: 0?
It is preferred to explicitly set the X-XSS-Protection header to 0 because of the simple fact that having it explicitly disabled prevents XSS Auditor being enabled (which is enabled by default in older browsers unless specifically disabled). This header has a history of doing harm which is why all the browsers are removing it. There are cases where implementing XSS Auditor can implement cross-site information leaks and there are ways to bypass the Auditor.
The way I see it you have more to gain actively disabling it than not including it, and relying instead on a robust Content Security Policy (CSP) header. Even where older browsers don’t support CSP I would still disable X-XSS-Protection just to be sure XSS Auditor is disabled as in some old browsers it is enabled by default as mentioned and may actually degrade the security of an old browser visiting the site.
A good discussion on why the X-XSS-Protection should be explicitly disabled instead of just left out can be found here.