Vulnerability scanner reports the absence of "X-XSS-Protection HTTP" and "X-Content-Type-Options" HTTP header on port 80 of Red Hat Capsule

Solution Verified - Updated -

Issue

  • Vulnerability scanner reports QID 11827 : http header security not found.
  • X-Frame-Options or Content-Security-Policy:frame-ancestors HTTP Headers missing on port 80.
  • X-XSS-Protection HTTP Header mising on port 80.
  • X-content-Type-Options HTTP Header missing on port 80.
  • We need to add http response headers to fix QID-11827.
  • Facing QID:11827 Vulnerability issue in Red Hat Capsule server ? How to resolve it ?

Environment

  • Red Hat Capsule 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content