Probable MIME-Sniffing

Document ID : KB000094902
Last Modified Date : 16/05/2018
Introduction:
The X-Content-Type-Options header is not set in the response, which may imply that the application is vulnerable to MIME-sniffing attacks. After intercepting the response, it can be observed that the X-Content-Type-Options header is not present, which can lead to a possible MIME-sniffing attack.
Environment:
All Versions of SSG
Instructions:

1. To set the header, add the Manage Transport Properties/Headers assertion to your policy.

2. In the Transport Properties/Header Properties, set the type to HTTP.

3. In the Transport Properties/Header Properties, change the operation to add or replace.

4. In the Transport Properties/Header Properties, set the Property/Header name to X-Content-Type-Options.

5. In the Transport Properties/Header Properties, set the value to nosniff.

6. Additionally, you can add this to a global fragment as well.
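
To confirm the result once the policy is in place, the following check parses an intercepted response and decides whether nosniff is actually in effect. It is an added example, not part of the original article or the gateway product. It applies the rule browsers use for this header: repeated headers are combined, and only the first comma-separated value counts. The function names and sample responses are constructed for illustration.

```python
import re

HEADER = "X-Content-Type-Options"

def header_values(raw_response, name):
    """Return every value of header `name` (case-insensitive match), in order."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    values = []
    for line in head.splitlines()[1:]:          # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def nosniff_enabled(raw_response):
    """Repeated headers are combined and split on commas; only the first
    value counts, and it must equal 'nosniff' ignoring ASCII case."""
    values = header_values(raw_response, HEADER)
    if not values:
        return False                            # header absent: sniffing allowed
    first = ",".join(values).split(",")[0].strip()
    return first.lower() == "nosniff"

# Constructed sample responses (not captured from a real gateway).
BASE = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
SAMPLES = {
    "missing": BASE + "\r\nhi",
    "fixed": BASE + "x-content-type-options: NoSniff\r\n\r\nhi",
    "misspelled": BASE + "X-Content-Type-Options: no-sniff\r\n\r\nhi",
    "duplicate": BASE + "X-Content-Type-Options: nosniff\r\n"
                        "X-Content-Type-Options: nosniff\r\n\r\nhi",
    "wrong_first": BASE + "X-Content-Type-Options: none\r\n"
                          "X-Content-Type-Options: nosniff\r\n\r\nhi",
}

def audit(samples):
    """Map each sample label to True when nosniff is effective."""
    return {label: nosniff_enabled(raw) for label, raw in samples.items()}

if __name__ == "__main__":
    for label, ok in audit(SAMPLES).items():
        print(f"{label:12} {'OK' if ok else 'FAIL: nosniff not effective'}")
```

The wrong_first case shows why a header sent twice with different values can leave sniffing enabled even though nosniff appears in the response.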