Skip navigation

Please enable X-Content-Type-Options: nosniff in Mid-Tier

score 5
You have not voted. Not Planned

Please treat this as RFE.

We have following requirement as part of the product Hardening step.

----------------------------------------------

When hosting the user-uploaded content which can be viewed by other users, use
the X-Content-Type-Options: nosniff header so that browsers do not try to guess
the data type. Always let the server determine the data type.

-----------------------------------------

As per earlier ticket raised with BMC (Case 00289088), we got information that
BMC has no option to do this setting.

Hence I am raising this case in RFE so that it can be included in the Product.

Please call me in case of any concerns on : +91-9811313188

Comments

Vote history