Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.
Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.
Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing. Is there a similar command I can run to enable this header?
Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.
It looks like you're new here. If you want to get involved, click on this button!
Nebula Status and Incidents
Service & License
New and Release
Zyxel Help Center
New & Release