Probable MIME-Sniffing

Article ID: 94902

Updated On:

Products

CA API Developer Portal, CA API Gateway

Issue/Introduction

The X-Content-Type-Options header is not set in the response, which may imply that the application is vulnerable to MIME-sniffing attacks. After intercepting the response, it can be observed that the X-Content-Type-Options header is not present, which can lead to a possible MIME-sniffing attack.

Environment

All Versions of SSG

Resolution

1. Add the Manage Transport Properties/Headers assertion to your policy.

2. In the Transport Properties/Header Properties, set the type to HTTP.

3. In the Transport Properties/Header Properties, change the operation to add or replace.

4. In the Transport Properties/Header Properties, set the Property/Header name to X-Content-Type-Options.

5. In the Transport Properties/Header Properties, set the value to nosniff.

6. Additionally, you can add this assertion to a global fragment as well.
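
To confirm the policy change took effect, the following added example (not part of the original article or of the product) classifies a response by its X-Content-Type-Options header. The function names, status labels and sample responses are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request

HEADER = "x-content-type-options"

def audit_nosniff(raw_response: str) -> str:
    """Classify a raw HTTP response head: ok, missing, wrong-value or duplicate."""
    values = []
    for line in raw_response.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                   # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:  # header names are case-insensitive
            values.append(value.strip().lower())
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"                          # header emitted more than once
    return "ok" if values[0] == "nosniff" else "wrong-value"

def fetch_head(url: str) -> str:
    """Fetch url and rebuild a raw response head (status line plus headers)."""
    try:
        resp = urllib.request.urlopen(url, timeout=10)
    except urllib.error.HTTPError as err:           # 4xx/5xx responses carry headers too
        resp = err
    lines = [f"HTTP/1.1 {resp.status}"] + [f"{k}: {v}" for k, v in resp.headers.items()]
    return "\r\n".join(lines)

# Constructed sample responses (not captured from a real gateway).
SAMPLES = {
    "before policy change": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}",
    "after policy change": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                           "X-Content-Type-Options: nosniff\r\n\r\n{}",
    "typo in value": "HTTP/1.1 200 OK\r\nx-content-type-options: no-sniff\r\n\r\n",
    "set twice": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\n"
                 "X-Content-Type-Options: nosniff\r\n\r\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                           # live check against a URL you pass in
        print(sys.argv[1], "->", audit_nosniff(fetch_head(sys.argv[1])))
    else:
        for label, raw in SAMPLES.items():
            print(f"{label}: {audit_nosniff(raw)}")
```

Run it with no arguments to see the four constructed cases, or pass the URL of a published service to check the live response after the policy is saved.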