Java

Spring does not give access to the page, how to solve?

Good evening, when setting up spring security, spring does not give access to the page. Namely, it just shows me the html code of the page. Having climbed in the headers, I found the following line X-XSS-Protection: 1; mode=block, I think because of it, when I turn it off in the spring security. config header then everything starts working.
The question is how to make it work without disabling headers?
Settings
At the WEB_INF root created the test.html page

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <h1>TEST SUPER TEST</h1>
</body>
</html>

controller to it

@Controller
public class TestController {

    @RequestMapping(value = "/stest", method = RequestMethod.GET)
    public String main(Model model) {
        return "test";
    }
}

Spring security config

@EnableWebSecurity
public class SecurityConf extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().
//                headers().disable()
                .authorizeRequests()
                .antMatchers("/stest").permitAll()
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("Alex").password("alex123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("Masha").password("masha123").roles("USER");
    }

}

Security initializer

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

web config

@Configuration
@EnableWebMvc
@ComponentScans(value = { @ComponentScan("security.com.springCong"), @ComponentScan("security.com.controller")})
@Import(SecurityConf.class)
public class WebConfig implements WebMvcConfigurer {

    @Autowired
    private ApplicationContext applicationContext;

    @Bean
    public SpringResourceTemplateResolver templateResolver() {
        SpringResourceTemplateResolver springResourceTemplateResolver = new SpringResourceTemplateResolver();
        springResourceTemplateResolver.setApplicationContext(applicationContext);
        springResourceTemplateResolver.setPrefix("WEB-INF/");
        springResourceTemplateResolver.setSuffix(".html");
        springResourceTemplateResolver.setTemplateMode(/*TemplateMode.HTML*/ "XHTML"); 
        springResourceTemplateResolver.setCacheable(false); 
        return springResourceTemplateResolver;
    }

    @Bean
    public SpringTemplateEngine templateEngine() {
        SpringTemplateEngine templateEngine = new SpringTemplateEngine();
        templateEngine.addDialect(new LayoutDialect());
        templateEngine.setTemplateResolver(templateResolver());
        templateEngine.setEnableSpringELCompiler(true);
        return templateEngine;
    }

    @Override
    public void configureViewResolvers(ViewResolverRegistry registry) {
        ThymeleafViewResolver thymeleafViewResolver = new ThymeleafViewResolver();
        thymeleafViewResolver.setTemplateEngine(templateEngine());
        thymeleafViewResolver.setContentType("UTF-8");
        thymeleafViewResolver.setViewNames(new String[] {"*"});
        registry.viewResolver(thymeleafViewResolver);
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**").addResourceLocations("/WEB-INF/resources/");
        registry.addResourceHandler("/js/**").addResourceLocations("/WEB-INF/resources/js/");
        registry.addResourceHandler("/css/**").addResourceLocations("/WEB-INF/resources/css/");
        registry.addResourceHandler("/bs/**").addResourceLocations("/WEB-INF/resources/bs/");
    }
}