Controlling the XSS Filter

Internet Explorer 8 included a novel new feature to help prevent reflected cross-site scripting attacks, known as the XSS Filter. This filter runs by default in the Internet, Trusted, and Restricted security zones. Local Intranet zone pages may opt-in to the protection using the same header: X-XSS-Protection: 1If a cross-site scripting attack is detected, Internet Explorer 8 and 9 will attempt to