PCI Compliance Test | HTTP security headers: this port is missing the X-XSS-Protection, X-Content-Type-Options and Strict-Transport-Security HTTP headers

In this article, we will take a look at what you can do if the PCI compliance test of your security device fails with one of the following findings:

X-XSS-Protection HTTP Header missing on port 443.
X-Content-Type-Options HTTP Header missing on port 443.
Strict-Transport-Security HTTP Header missing on port 443.

Please first check the following article: Zyxel | PCI Compliance - Best Practice

There are some CLI commands that you can run if the test still fails after applying that guidance:

For 5.00 (ATP / USG FLEX / VPN) and higher:

Router> configure terminal 
Router(config)# ip http x-content-type-options
Router(config)# write

For 4.65 (USG Series / Legacy [ZyWall] Series) and above:

Router> configure terminal 
Router(config)# ip http content-security-policy
Router(config)# write
Router(config)# ip http x-frame-options
Router(config)# write

Strict-Transport-Security HTTP Header missing on port 443.

Our ‘HTTP redirect to HTTPS’ feature fulfils the underlying requirement that the device only communicates over HTTPS instead of HTTP.

However, a PCI scanner that checks for this header will still report the item as failed; the device nevertheless detects plain HTTP requests in any case and redirects them to HTTPS.
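To confirm what the device actually sends after the commands above have been applied, here is an added verification script (it is not part of the Zyxel article): it lists which of the headers from the findings are absent from an HTTPS response and checks that plain HTTP is redirected to HTTPS. The host name is a placeholder, and the sample responses at the end are constructed for the self-check, not real device output.

```shell
#!/bin/sh
# Headers the PCI scan in the article reports on, plus the two enabled by
# the 4.65 CLI commands.
WANTED="X-XSS-Protection X-Content-Type-Options Strict-Transport-Security X-Frame-Options Content-Security-Policy"

# Read a raw response header block from stdin and print, one per line, the
# names from WANTED that are absent (header names are case-insensitive).
missing_headers() {
    block=$(tr -d '\r')
    for name in $WANTED; do
        printf '%s\n' "$block" | grep -qi "^$name:" || printf '%s\n' "$name"
    done
}

# Read the header block of a plain-HTTP response from stdin and succeed only
# if it is a redirect whose Location is an https:// URL.
redirects_to_https() {
    block=$(tr -d '\r')
    printf '%s\n' "$block" | head -n 1 | grep -Eq '^HTTP/[0-9.]+ 30[1278]' &&
    printf '%s\n' "$block" | grep -Eqi '^Location: *https://'
}

# Live check against a device (placeholder host; pass your own). If the
# device uses a self-signed certificate, add --cacert with that certificate.
check_device() {
    host=${1:-zywall.example.invalid}
    echo "Headers missing on https://$host:443:"
    curl -sSI --max-time 10 "https://$host/" | missing_headers
    if curl -sSI --max-time 10 "http://$host/" | redirects_to_https; then
        echo "HTTP is redirected to HTTPS"
    else
        echo "HTTP is NOT redirected to HTTPS"
    fi
}

# Constructed sample responses for the self-check below (not real output).
SAMPLE_HTTPS='HTTP/1.1 200 OK
Content-Type: text/html
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN'
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://zywall.example.invalid/'
```

Run `check_device <host>` against the device; a header that still appears in the output is what the scanner will flag, and a missing redirect means the ‘HTTP redirect to HTTPS’ feature is not active.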
