Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.
Options
GrahamWebb
Posts: 27 
Freshman Member
Freshman Member
in Security
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.
Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.
Kind regards
Graham
0
All Replies
-
Hi @GrahamWebb
Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
0 -
Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing. Is there a similar command I can run to enable this header?
0 -
Hi @GrahamWebb
Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.0
Zyxel Employee
Categories
- All Categories
- 441 Beta Program
- 2.9K Nebula
- 210 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 534 USG FLEX H Series
- 338 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 51 Wireless Ideas
- 6.9K Consumer Product
- 295 Service & License
- 461 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight
