Disabling Internet Explorer Cross Site Scripting Filter (XSS)

A client of mine recently tasked me with figuring out why the newer versions of IE were throwing a Cross Site Scripting (XSS) error. For the life of me, I couldn’t figure out why. Maybe it was because they were submitting a form to another server? Or perhaps because the JavaScript was closing the window when it was done? I don’t know. But, I did find a nice little trick that allows you to disable the Cross Site Scripting (XSS) filter in IE.

All that you need to do is add "X-XSS-Protection: 0" to the response header. For instance, to disable the Cross Site Scripting (XSS) filter all you do is:

header("X-XSS-Protection: 0");

That’s it. Usually that will resolve any XSS errors you have. It may not be the best solution from a security standpoint, but it’ll work in a pinch.
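An added example, not code from the original post: if the header has to go out, one way to limit the exposure is to send it only on the response that trips the filter and to HTML-encode every request value echoed into that page, since the browser filter no longer covers it. The function names, the `/form-complete` path and the `ref` value are assumptions made up for illustration.

```php
<?php
// Added example: the names, path and parameter below are hypothetical.

// Paths whose responses may opt out of the IE XSS filter.
const XSS_FILTER_OPT_OUT = ['/form-complete'];

/**
 * Return the headers to send for a request path.
 * Only allow-listed paths get "X-XSS-Protection: 0".
 */
function response_headers(string $path): array
{
    $headers = ['Content-Type: text/html; charset=UTF-8'];
    if (in_array($path, XSS_FILTER_OPT_OUT, true)) {
        $headers[] = 'X-XSS-Protection: 0';
    }
    return $headers;
}

/** Encode a request value for use in HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the page body; the echoed value is always encoded. */
function render_page(string $ref): string
{
    return '<p>Submission received. Reference: ' . h($ref) . '</p>';
}

// Demo with constructed input; in a real handler these come from the request.
$path = '/form-complete';
$ref  = '<script>alert(1)</script>';   // constructed sample value

foreach (response_headers($path) as $line) {
    if (PHP_SAPI !== 'cli') {
        header($line);                 // normal web request
    } else {
        echo $line, "\n";              // on the command line, just show it
    }
}
echo render_page($ref), "\n";
```

Every other path keeps the browser's default filter behaviour, and the sample value comes out as inert text rather than markup.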
