After adding policy to block executable content, attempting to access http://blog.goo.ne.jp/favicon.ico results in a blocked action. Why does the Web Security Service treat this icon file as an executable?
This is because the HTTP response from the server is Content-Type: application/octet-stream.
GET /favicon.ico HTTP/1.1
Host: blog.goo.ne.jp
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: BLOGTracking=60.32.139.80.1433397044326951; GUID=000B2AEEE734056F3010BD9E61626364; _ga=GA1.3.1590809012.1433397045; DCDC=B1L3D0C0P13G00; NGUserID=ac142b3e-5036-1433397046-1
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 22 Jun 2015 02:59:24 GMT
Server: lighttpd
Cache-Control: max-age=43200
Content-Type: application/octet-stream
Accept-Ranges: bytes
Content-Length: 15086
Connection: close
To access http://blog.goo.ne.jp/favicon.ico, modify the Web Security Service policy to exempt the URL.