Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.
GrahamWebb
Posts: 27 
Freshman Member
Freshman Member
in Security
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.
Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.
Kind regards
Graham
0
All Replies
-
Hi @GrahamWebb
Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
0 -
Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing. Is there a similar command I can run to enable this header?
0 -
Hi @GrahamWebb
Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.0
Zyxel Employee
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 200 Nebula Ideas
- 126 Nebula Status and Incidents
- 6.3K Security
- 499 USG FLEX H Series
- 323 Security Ideas
- 1.6K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.8K Consumer Product
- 287 Service & License
- 457 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 96 Security Highlight
