Zywall USG310 X-XSS-Protection HTTP Header missing on port 443.
Options

GrahamWebb
Posts: 27
Freshman Member




in Security
Hi our office Zywall has failed a PCI scan due to the following X-XSS-Protection HTTP Header missing on port 443.
Is there a command that can be run on the Zywall to enable this we are on V4.64(AAPJ.0) firmware.
Kind regards
Graham
0
All Replies
-
Hi @GrahamWebb
Tried the same CLI from web cli and didn't see the same symptom. Can you find a not so busy hour and try it again (please have console connect to the device). If this symptom always exist, please send the console dumped to us in private message.
0 -
Hi Sorry I think you are getting mixed up with my other post regarding the x-frame-header header I have fixed that vulnarability now but the PCI scan is now failing on the x-xss-protection header being missing. Is there a similar command I can run to enable this header?
0 -
Hi @GrahamWebb
Sorry for mixing your posts. Currently the x-xss-protection header is not supported by Zywall/USG/ATP/FLEX series. We will put this feature into our evaluation queue and put this request into the ideas category as well. Thanks for your feedback about it.0
Categories
- All Categories
- 434 Beta Program
- 2.7K Nebula
- 174 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 418 USG FLEX H Series
- 297 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 43 Wireless Ideas
- 6.7K Consumer Product
- 269 Service & License
- 416 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 84 About Community
- 87 Security Highlight