Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.
GrahamWebb
Posts: 15 
Freshman Member
Freshman Member
in Security
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.
Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.
Kind regards
Graham
0
Answers
-
Hi @GrahamWebb
Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
0 -
Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing. Is there a similar command I can run to enable this header?
0 -
Hi @GrahamWebb
Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.0
Zyxel Employee
Categories
- 5.9K All Categories
- 1.2K Nebula
- 16 Nebula Ideas
- 12 Nebula Status and Incidents
- 3.4K Security
- 183 Security Ideas
- 592 Switch
- 24 Switch Ideas
- 425 WirelessLAN
- 6 WLAN Ideas
- 4.2K Consumer Product
- 56 Service & License
- 190 New and Release
- 24 Security Advisories
- 451 FAQ
- 208 Nebula FAQ
- 99 Security FAQ
- 65 Switch FAQ
- 63 WirelessLAN FAQ
- Documents
- 20 Nebula Monthly Express
- 33 About Community
- 20 Security Highlight
