Disabling Internet Explorer Cross Site Scripting Filter (XSS)

A client of mine recently tasked me with figuring out why the newer versions of IE were throwing a Cross Site Scripting (XSS) error.  For the life of me,  couldn’t figure out why.  Maybe it was because they were submitting a form to another server?  Or perhaps because the Javascript was closing the window when it was done?  I don’t know.  But, I did find a nice little trick that allows you to disable the Cross Site Scripting(XSS) filter in IE.

All that you need to do is add “X-XSS-Protection: 0” to the response header.  For instance, to disable the Cross Site Scripting(XSS) filter all you do is:

header(“X-XSS-Protection: 0”);

That’s it.  Usually that will resolve any XSS errors you have.  It may not be the best solution from a security stand point, but it’ll work in a pinch,

Author: Jack Slingerland

I’m a software engineer working and living in Raleigh, NC. I work in Python, Django, Node.js, React+Flux, AngularJS, and PHP. I like to work out with Kettlebells, run, and spend my free time with my wife, cat, and dog.

One thought on “Disabling Internet Explorer Cross Site Scripting Filter (XSS)”

  1. Need more help with X-XSS-Protection: 0
    Not a programmer, can you give stepd to help me?

    Thanks in advance for any help.

Comments are closed.