Workaround: 403 Error When Uploading Images to Control Center

Adding a logo or other image to CC can generate a 403 from Amazon Web Services (AWS) Web Application Firewall (WAF) rule, which rejects images containing Extensible Metadata Platform (XMP) tags.

If an uploaded image contains embedded XMP tags, it will trigger the AWS WAF checks against cross-site scriptin (XSS). Confirm this by looking in the image file.

Strip image tags with steps below:

  1. Download exiftool from

  2. Delete tags from the image by running exiftool -All= <image file name>.

  3. Try again to upload the modified file.

Your file should upload to AWS without the WAF XSS warning.

Was this article helpful?
6 out of 7 found this helpful