Auto set Content Type options [Removed in Security Center 1.3.3]
The X-Content-Type-Options HTTP response header is used by the server to indicate that the MIME (Multipurpose Internet Mail Extensions) types advertised in the Content-Type headers should be followed.
Setting this header prevents the browser from interpreting files as something other than what is declared by the content type in the HTTP headers. This header can help mitigate MIME confusion attacks.
Auto Set Content Type Options is compliant if glide.security.header.auto_set_x_content_type_options is set to true.
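One way to confirm that responses actually carry an effective header is to audit captured response heads. The following is an added example, not ServiceNow code: the sample responses are constructed, the function names are hypothetical, and the first-value rule is a simplified form of the Fetch standard's nosniff check, in which `nosniff` is the only value browsers honor.

```python
# Added example: audit captured response heads for an effective nosniff header.
# Sample responses below are constructed, not taken from a real instance.

def parse_head(raw):
    """Return lowercase (name, value) pairs from a raw HTTP response head."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                   # blank line ends the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def nosniff_effective(headers):
    """Simplified Fetch 'determine nosniff': repeated headers are joined with
    commas, and only the first resulting value is compared to 'nosniff'."""
    values = [v.strip(" \t") for n, val in headers
              if n == "x-content-type-options" for v in val.split(",")]
    return bool(values) and values[0].lower() == "nosniff"

def audit(raw):
    headers = parse_head(raw)
    if not nosniff_effective(headers):
        return "FAIL: nosniff missing or not the first value"
    if not any(n == "content-type" for n, _ in headers):
        # nosniff tells the browser to follow the declared type; none is declared
        return "WARN: nosniff set but no Content-Type declared"
    return "PASS"

def head(*lines):
    """Build a constructed response head from header lines."""
    return "\r\n".join(("HTTP/1.1 200 OK",) + lines) + "\r\n\r\n"

SAMPLES = {
    "good": head("Content-Type: text/html;charset=UTF-8",
                 "X-Content-Type-Options: nosniff"),
    "missing": head("Content-Type: text/plain"),
    "wrong_order": head("Content-Type: image/png",
                        "X-Content-Type-Options: sniff, nosniff"),
    "mixed_case": head("content-type: application/json",
                       "x-content-type-options: NoSniff"),
    "no_type": head("X-Content-Type-Options: nosniff"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {audit(raw)}")
```

A response can contain the string `nosniff` and still fail, as the `wrong_order` sample shows, so a plain substring match on the header is not a sufficient check.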
Warning:
The value for this property is a no DB override.
It can't be altered or overridden.
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.header.auto_set_x_content_type_options |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | Helps to prevent the browser from interpreting files as something other than what is declared by the content type in the HTTP headers. |
| Type | boolean |
| Recommended value | true |
| Functional Impact | This header can help mitigate MIME confusion attacks. |
| Security risk | (High) If this property isn’t enabled, the browser can misinterpret the content type declared in the HTTP headers. |
| References | Downloadable MIME types |
To learn more about adding or creating a system property, see Add a system property.