Skip navigation

Please enable X-Content-Type-Options: nosniff in Mid-Tier

score 5
You have not voted. Not Planned

Please treat this as RFE.

We have following requirement as part of the product Hardening step.


When hosting the user-uploaded content which can be viewed by other users, use
the X-Content-Type-Options: nosniff header so that browsers do not try to guess
the data type. Always let the server determine the data type.


As per earlier ticket raised with BMC (Case 00289088), we got information that
BMC has no option to do this setting.

Hence I am raising this case in RFE so that it can be included in the Product.

Please call me in case of any concerns on : +91-9811313188


Vote history