Auto set Content Type options

Watch

Save as PDF

Share this page

Feedback

HomeVancouver Platform securityPlatform SecurityInstance Security CenterInstance Security Hardening SettingsSecurity best practicesAuto set Content Type options

Table of Contents

Auto set Content Type options

Release version:
Vancouver
Washington DC
UpdatedFeb 1, 2024
1 minute read

Vancouver
Platform Security

The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.

X-Content-Type-Options response HTTP header is used by the server to indicate that the MIME (Multipurpose Internet Mail Extensions) types advertised in the Content-Type headers should be followed.

Setting this header will prevent the browser from interpreting files as something else then declared by the content type in the HTTP headers. This header can help mitigate MIME confusion attacks.

Auto Set Content Type Options will be compliant if glide.security.header.auto_set_x_content_type_options is set to true.

Warning: The value for this property is a no DB override. It can't be altered or overridden.

More information

Search:


Attribute	Description
Property name	glide.security.header.auto_set_x_content_type_options
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	Prevents the browser from interpreting files as something else than declared by the content type in the HTTP headers.
Type	true \| false
Recommended value	true
Functional Impact	This header can help mitigate MIME confusion attacks.
Security risk	(High) If this property is not enabled, the browser can misinterpret content type in the HTTP headers.
References	Downloadable MIME types

To learn more about adding or creating a system property, see Add a system property.

Vancouver Platform security

Filters

Versions

Products