Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 4 subscribers
  • Views 2212 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Http security headers scan

Louis-M

We had a recent pen test performed and one of the areas it showed as a risk was the lack of http security headers for our external IP.

We use web server protection and can't see any option in the UTM to enable these? eg

X-XXS-protection: doesn't exist
X=content-type-options: doesn't exist

Any ideas?



This thread was automatically locked due to age.
  • 0

    Hello Louis,

    Thank you for contacting the Sophos Community!

    Please open a ticket with Sophos Support along with the results of the Pentest and provide me with the Case ID.

    I found something about this about the XG but not for the UTM.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0

    Awrite Louis!  Glad to see you back!

    Thanks for the great question.  One of my US clients is planning on a "hard" pen test next year before opening their SAAS site and I'm sure we'll see the same issue.

    How about pictures of the Edits of the Virtual Server and Firewall Profile with all sections open?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML