Categories
PHP Programming

Disabling Internet Explorer Cross Site Scripting Filter (XSS)

A client of mine recently tasked me with figuring out why the newer versions of IE were throwing a Cross Site Scripting (XSS) error.  For the life of me,  couldn’t figure out why.  Maybe it was because they were submitting a form to another server?  Or perhaps because the Javascript was closing the window when it was done?  I don’t know.  But, I did find a nice little trick that allows you to disable the Cross Site Scripting(XSS) filter in IE.

All that you need to do is add “X-XSS-Protection: 0” to the response header.  For instance, to disable the Cross Site Scripting(XSS) filter all you do is:

header(“X-XSS-Protection: 0”);

That’s it.  Usually that will resolve any XSS errors you have.  It may not be the best solution from a security stand point, but it’ll work in a pinch,

By Jack Slingerland

Founder of Kernl.us. Working and living in Raleigh, NC. I manage a team of software engineers and wrk in Python, Django, TypeScript, Node.js, React+Redux, Angular, and PHP. I enjoy hanging out with my wife and son, lifting weights, and advancing Kernl.us in my free time.

1 reply on “Disabling Internet Explorer Cross Site Scripting Filter (XSS)”

Need more help with X-XSS-Protection: 0
Not a programmer, can you give stepd to help me?

Thanks in advance for any help.

Comments are closed.