How To: Internet Explorer Privacy and Security Settings

Internet Explorer has security measures in place to help protect you as you browse the web.

Follow these steps to adjust these settings:

  1. Within Internet Explorer, go to Tools > Internet Options. The Internet Options window appears.
  2. Select the Security tab. This tab has a section at the top that lists the various security zones that Internet Explorer uses. For each of these zones, you can select a custom level of protection.
  3. Click Custom level. A second window appears that allows you to select various security settings for that zone. The Internet zone is where all sites initially start out. You should apply the High security setting for this zone. By selecting the High security setting, several features including ActiveX, Active scripting, and Java are disabled. Then click OK.
  4. From the Security tab, click Default level, and drag the slider control up to High.
  5. Click Trusted sites to set security zone for sites that you think are safe to visit.
  6. To add or remove sites from this zone, click Sites. A secondary window appears listing the sites that you trust, where you can add or remove them. You may also require that only verified sites (HTTPS) can be included in this zone. You should set the security level for the trusted sites zone to Medium-high (or Medium for Internet Explorer 6 and earlier). If you trust that the site will not contain malicious content, you can add it to the list of sites in the Trusted sites zone. Once a site is added to this zone, features such as ActiveX and Active scripting are enabled for the site.
  7. Select the Privacy tab and click Advanced. The Advanced Privacy Settings window appears.
  8. Select the Override automatic cookie handling checkbox.
  9. Then select the Prompt radio button for both first and third-party cookies. This prompts you each time a site tries to place a cookie on your machine. If the number of cookie prompts is too excessive, you can select the option to Always allow session cookies. This allows non-persistent cookies to be accepted without user interaction.
    Note: For more information about cookies, see the Managing Browser Cookies how to article.
  10. Click OK.
  11. Click Sites on the Privacy tab to specify which websites are always or never allowed to use cookies. You can add or remove sites, and change the current settings for existing sites.
  12. Click OK.
  13. Select the Advanced tab to manage settings that apply to all of the security zones.
  14. Clear the Enable third-party browser extensions checkbox. This option includes tool bars and Browser Helper Objects (BHOs). While some add-ons can be useful, they also have the ability to violate your privacy. Internationalized Domain Names (IDN) can be abused to allow spoofing of web page addresses, which can allow phishing attacks to be more convincing.
  15. To protect against IDN spoofing, select the Always show encoded addresses checkbox.
  16. Clear the Play sounds in webpages checkbox. Sounds in web pages may introduce security risks by having the browser process additional untrusted data.
  17. Click OK.