Missing or insecure "X-Content-Type-Options" header


Article ID: 260167


Products

CA Process Automation Base

Issue/Introduction

Running PAM 04.3.05 CP06

Main issue:
Missing or insecure "X-Content-Type-Options" header

Proposed Solution:
Configure your server to send the "X-Content-Type-Options" header with value "nosniff" on all outgoing requests

Port:  443
CWE:  200

Environment

Release : 4.3
CA Process Automation

Resolution

Modify web.xml at <Install_Dir>\server\c2o\ext-deploy\c2oear-snapshot.ear\web-snapshot.war\WEB-INF. The parameter is commented out in web.xml and needs to be uncommented as below:

<init-param>
    <param-name>X-Content-Type-Options</param-name>
    <param-value>nosniff</param-value>
</init-param>
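An offline check for this change, added here as an example and not taken from the original article or the product: it reports whether the X-Content-Type-Options init-param in a web.xml is active, still commented out, or missing. The sample web.xml, including its filter name and class, is a constructed placeholder and not the product's actual file.

```python
import re
import sys
import xml.etree.ElementTree as ET

HEADER = "X-Content-Type-Options"

# Constructed sample: filter name and class are placeholders (assumptions).
COMMENTED = """<web-app>
  <filter>
    <filter-name>ExampleHeaderFilter</filter-name>
    <filter-class>com.example.ExampleHeaderFilter</filter-class>
    <!--
    <init-param>
      <param-name>X-Content-Type-Options</param-name>
      <param-value>nosniff</param-value>
    </init-param>
    -->
  </filter>
</web-app>"""
# Same file after the fix: comment markers removed.
ENABLED = COMMENTED.replace("<!--", "").replace("-->", "")

def _local(tag):
    # Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}
    return tag.rsplit("}", 1)[-1]

def active_value(web_xml_text):
    """Return param-value of the active init-param, or None if not active."""
    root = ET.fromstring(web_xml_text)  # the default parser discards comments
    for el in root.iter():
        if _local(el.tag) == "init-param":
            fields = {_local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("param-name") == HEADER:
                return fields.get("param-value")
    return None

def status(web_xml_text):
    """Classify as 'ok', 'wrong-value', 'commented-out' or 'missing'."""
    value = active_value(web_xml_text)
    if value is not None:
        return "ok" if value.lower() == "nosniff" else "wrong-value"
    comments = re.findall(r"<!--(.*?)-->", web_xml_text, flags=re.S)
    return "commented-out" if any(HEADER in c for c in comments) else "missing"

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_web_xml.py path/to/web.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        print(status(fh.read()))
```

A result of `commented-out` means the edit described above has not been applied to that copy of web.xml.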