ISE Security Finding - Existing Defect?

joonder
Cisco Employee

A recent security scan of ISE 1.4 came up with the finding below.  I am trying to determine if a defect is open on this and/or if it has been released in a later release already.  I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.

X-XSS-Protection HTTP Header missing on port 443.

  "CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."

Accepted Solutions

howon
Cisco Employee

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco
