The XSS Filter in Internet Explorer 8 improperly blocks HTTP response rendered as XML


When you submit an HTTP request using Internet Explorer (IE) 8 to a target page hosted in a web application, the IE XSS Filter may block the response. This occurs even if the request and response are from the same domain. It also occurs even if you attempt to disable the XSS Filter feature by setting the following HTTP response header on the server: 
X-XSS-Protection: 0


Microsoft has confirmed that this is a problem in the products listed in the Applies-To section of this article..


To workaround the issue, submit the HTTP request to a page that then performs an HTTP 307 redirect to the target page. 

This problem is resolved in Internet Explorer 9. 


Article ID: 2524198 - Last Review: Mar 17, 2011 - Revision: 1

Windows Internet Explorer 8