Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.

Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.

Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.

Kind regards
Graham



All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 213  Zyxel Employee
    Hi @GrahamWebb 
    Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
  • GrahamWebb
    GrahamWebb Posts: 6
    Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing.  Is there a similar command I can run to enable this header?


  • Zyxel_Vic
    Zyxel_Vic Posts: 213  Zyxel Employee
    Hi @GrahamWebb
    Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!