Turn on Cross-Site Scripting Filter

This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.

If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.

If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.

Supported on: At least Internet Explorer 8.0
Turn on Cross-Site Scripting (XSS) Filter


  1. Enable
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    Value Name1409
    Value TypeREG_DWORD
    Value0
  2. Disable
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    Value Name1409
    Value TypeREG_DWORD
    Value3


inetres.admx

Administrative Templates (Computers)

Administrative Templates (Users)