Disabling default XSS filtering in IE8
- July 30th, 2010
- Posted in HowTo
If you are forced to use IE, make sure you know about IE8's built-in security features before you upgrade your current IE. Some of these security features will stop us from using some of our internal applications. This post talks about the XSS Filter in IE8, which is enabled by default, and how to disable it when it hinders your ability to use web sites you trust.
NOTE: This post is intended only for the security testers/analysts and not for a normal internet user. Please do not mess up the default security settings in IE8, unless you know what you are doing. Fortunately for you, I’m going to show you what you’re doing.
Disabling XSS Filters
Go to: Tools menu > Internet Options > Security tab > Internet > Custom Level, then select Disable under “Enable XSS Filter” near the bottom of the list.
NOTE: Re-enable the XSS Filter once the requirement is over, or reset to the default settings.
To disable the XSS Filter via application code, set the HTTP response header: X-XSS-Protection: 0
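An added example (not from the original post) of setting the header from application code: a Python WSGI middleware that sends X-XSS-Protection: 0 only to a listed tester address, so every other client keeps the filter. The names xss_filter_off, demo_app and fetch_headers, and the 192.0.2.10 address, are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

HEADER = "X-XSS-Protection"


def xss_filter_off(app, enabled, tester_addrs):
    """Wrap a WSGI app; send 'X-XSS-Protection: 0' only to tester addresses."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # REMOTE_ADDR is the direct peer; behind a reverse proxy this is
            # the proxy's address, so scope the allow-list accordingly.
            if enabled and environ.get("REMOTE_ADDR") in tester_addrs:
                # Replace any value the app already set, so the response
                # carries exactly one X-XSS-Protection header.
                headers = [h for h in headers if h[0].lower() != HEADER.lower()]
                headers.append((HEADER, "0"))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return wrapped


def demo_app(environ, start_response):
    """Constructed stand-in for an internal application under test."""
    start_response("200 OK", [("Content-Type", "text/html"), (HEADER, "1")])
    return [b"<p>internal test app</p>"]


def fetch_headers(app, remote_addr):
    """Call the app in-process with a constructed request; return its headers."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REMOTE_ADDR"] = remote_addr
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    b"".join(app(environ, start_response))
    return captured


if __name__ == "__main__":
    # 192.0.2.10 is a constructed tester address from a documentation range.
    app = xss_filter_off(demo_app, enabled=True, tester_addrs={"192.0.2.10"})
    for addr in ("192.0.2.10", "198.51.100.7"):
        print(addr, "->", fetch_headers(app, addr)[HEADER])
```

Setting enabled to False when the test is over leaves the application's own header value untouched for every client.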




