My customer use CA Site Minder for SSO. Site Minder Agent is installed in IIS, some request is stopped by Site Minder Agent and show a message "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags". I added "CSSChecking=no" in LocalConfig.conf then the request can pass through. But i think it's not recommended. Plz help me explain the true root cause of it and how to solve it? Thanks.