A client of mine recently tasked me with figuring out why the newer versions of IE were throwing a Cross Site Scripting (XSS) error. For the life of me, couldn’t figure out why. Maybe it was because they were submitting a form to another server? Or perhaps because the Javascript was closing the window when it was done? I don’t know. But, I did find a nice little trick that allows you to disable the Cross Site Scripting(XSS) filter in IE.
All that you need to do is add “X-XSS-Protection: 0” to the response header. For instance, to disable the Cross Site Scripting(XSS) filter all you do is:
header(“X-XSS-Protection: 0”);
That’s it. Usually that will resolve any XSS errors you have. It may not be the best solution from a security stand point, but it’ll work in a pinch,
One reply on “Disabling Internet Explorer Cross Site Scripting Filter (XSS)”
Need more help with X-XSS-Protection: 0
Not a programmer, can you give stepd to help me?
Thanks in advance for any help.