Forum Discussion

Altostratus

Aug 31, 2018

My OWASP ZAP tool alerts - Web Browser XSS Protection Not Enabled on a website -

Hi everyone I am running ASM with Attack Signatures to block XSS attacks but my tool ZAP still alerts me to this issue - Web Browser XSS Protection Not Enabled. Is there a way to configure ASM ...

ASM Advanced WAF

security

samstep

Cirrocumulus

Sep 02, 2018

Hi,

"Web Browser XSS Protection Not Enabled" is a Low severity alert in OWASP ZAP effectively telling that the X-XSS-Protection header is missing in server response. You can easily add this header to your responses using an iRule like this:

when HTTP_RESPONSE { 
  HTTP::header insert "X-XSS-Protection" "1; mode=block" 
}

Forum Discussion

My OWASP ZAP tool alerts - Web Browser XSS Protection Not Enabled on a website -

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cookie-based DDoS protection