I doubt it’d work as just a meta tag. You may have to tell your web server to send it as a real header.
In PHP, you’d do it like
header("X-XSS-Protection: 0");
In ASP.net:
Response.AppendHeader("X-XSS-Protection","0")
In Apache’s config:
Header set X-XSS-Protection 0
In IIS, there’s a section in the properties for extra headers. It often has “X-Powered-By: ASP.NET” already set up in it; you’d just add “X-XSS-Protection: 0” to that same place.