Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.

GrahamWebb
GrahamWebb Posts: 21  Freshman Member
First Comment Friend Collector Second Anniversary
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.

Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.

Kind regards
Graham



All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    25 Answers First Comment Friend Collector Seventh Anniversary
    Hi @GrahamWebb 
    Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
  • GrahamWebb
    GrahamWebb Posts: 21  Freshman Member
    First Comment Friend Collector Second Anniversary
    Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing.  Is there a similar command I can run to enable this header?


  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    25 Answers First Comment Friend Collector Seventh Anniversary
    Hi @GrahamWebb
    Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.

Security Highlight