These rules were tested and are divided into two groups: volatile and non-volatile ones. The volatile ones generate more false positives, while non-volatile ones are very robust.
Adding anti-XSS rules from IE.
Do you have example payloads used in testing these rules? Would like to see the difference between the volatile/non-volatile tests.