We had a recent pen test performed and one of the areas it showed as a risk was the lack of http security headers for our external IP.
We use web server protection and can't see any option in the UTM to enable these? eg
X-XXS-protection: doesn't existX=content-type-options: doesn't exist
Any ideas?
Awrite Louis! Glad to see you back!
Thanks for the great question. One of my US clients is planning on a "hard" pen test next year before opening their SAAS site and I'm sure we'll see the same issue.
How about pictures of the Edits of the Virtual Server and Firewall Profile with all sections open?
Cheers - Bob