Disabling default XSS filtering in IE8

Posted by dorklogic on July 30, 2010
HowTo

If you are forced to use IE, make sure you know about IE8's built-in security features before you upgrade your current IE. Some of the security features will stop us from using some of our internal applications. This post covers the XSS Filter in IE8, which is enabled by default, and how to disable it when it hinders your ability to use web sites you trust.

NOTE: This post is intended only for security testers/analysts, not for normal internet users. Please do not mess with the default security settings in IE8 unless you know what you are doing. Fortunately for you, I’m going to show you what you’re doing.

IE Intrusive Yellow Bar

Disabling XSS Filters

Go to: Tools menu > Internet Options > Security tab > Internet > Custom Level, then select Disable under “Enable XSS Filter” near the bottom of the list.

Screenshot time!

Tools > Internet Options

Set Custom Level

Scroll down, select the "Disable" radio button, click "OK"

Click 'Yes' on the confirmation popup

NOTE: Re-enable XSS filtering once you no longer need it disabled, or reset to the default settings.

To disable the XSS filter via application code, set the HTTP response header: X-XSS-Protection: 0
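An added example, not code from the original post: a Python WSGI middleware that sends the header only for responses under specific paths, so the filter stays on for the rest of the site. The path prefix, class name and helper names are hypothetical.

```python
# Added example: a WSGI middleware that opts selected paths out of the IE8
# XSS filter instead of disabling the filter for the whole Internet zone.

HEADER = "X-XSS-Protection"
# Hypothetical path prefixes of the trusted internal tool the filter breaks.
OPT_OUT_PREFIXES = ("/internal/report-builder/",)


class XSSFilterOptOut:
    """Send 'X-XSS-Protection: 0' only for the listed path prefixes."""

    def __init__(self, app, prefixes=OPT_OUT_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        opt_out = environ.get("PATH_INFO", "").startswith(self.prefixes)

        def patched_start(status, headers, exc_info=None):
            kept = []
            for name, value in headers:
                is_xss = name.lower() == HEADER.lower()
                # Opt-out paths get our value; elsewhere strip a stray "0"
                # so the browser's default (filter on) stays in force.
                if is_xss and (opt_out or value.strip().startswith("0")):
                    continue
                kept.append((name, value))
            if opt_out:
                kept.append((HEADER, "0"))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed stand-in for the real application.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def headers_for(app, path):
    """Run one GET through a WSGI app and return its response headers."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured
```

Wrapping the application as `XSSFilterOptOut(app)` keeps the opt-out in one reviewable place, and a `0` set by any other code path is stripped before the response leaves.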
