i4connected Knowledgebase 5.6

X-Content-Type-Options header

Abstract

This article describes the X-Content-Type-Options header and explains how to configure it for your i4connected installation.

The X-Content-Type-Options header is a marker used by the server to indicate that the media types advertised in the Content-Type headers should be followed and not changed.

The X-Content-Type-Options header can be configured in the Web.config file, under the i4connected API folder, as follows: "X-Content-Type-Options" value="nosniff"

Figure: The X-Content-Type-Options header

  • The nosniff parameter includes the following specifications:

    • Blocks a request if the request destination is of type:

      • "style" and the media type is not text/css, or

      • "script" and the media type is not a JavaScript MIME type.

    • Enables Cross-Origin Read Blocking protection for the media types:

      • text/html

      • text/plain

      • text/json, application/json or any other type with a JSON extension: */*+json

      • text/xml, application/xml or any other type with an XML extension: */*+xml (excluding image/svg+xml)
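
The two blocking rules above can be checked before the header is switched on, so that a stylesheet or script served with the wrong Content-Type is found in review and not as a broken page. The following Python code is an added example, not i4connected code; the paths and responses are constructed samples, and the JavaScript MIME type list is the one defined by the WHATWG MIME Sniffing standard.

```python
# Added example: models the nosniff blocking rules listed above; not i4connected code.
JS_MIME_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/javascript1.0",
    "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
    "text/javascript1.4", "text/javascript1.5", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
}

def _get(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)

def essence(content_type):
    """'text/css; charset=utf-8' -> 'text/css'; None if missing or malformed."""
    value = (content_type or "").split(";", 1)[0].strip().lower()
    return value if "/" in value else None

def nosniff_enabled(headers):
    """True when the first X-Content-Type-Options value is 'nosniff'."""
    value = _get(headers, "x-content-type-options") or ""
    return value.split(",", 1)[0].strip().lower() == "nosniff"

def blocked_by_nosniff(destination, headers):
    """Apply the 'style' and 'script' rules; other destinations are not blocked."""
    if not nosniff_enabled(headers):
        return False
    mime = essence(_get(headers, "content-type"))
    if destination == "style":
        return mime != "text/css"
    if destination == "script":
        return mime not in JS_MIME_TYPES
    return False

# Constructed sample responses (hypothetical paths): (destination, path, headers).
SAMPLES = [
    ("script", "/app/main.js", {"Content-Type": "text/plain", "X-Content-Type-Options": "nosniff"}),
    ("style", "/app/site.css", {"Content-Type": "text/css; charset=utf-8", "X-Content-Type-Options": "nosniff"}),
    ("script", "/app/vendor.js", {"Content-Type": "application/javascript", "X-Content-Type-Options": "nosniff"}),
    ("style", "/app/theme.css", {"Content-Type": "text/html", "x-content-type-options": "NoSniff"}),
    ("script", "/app/legacy.js", {"Content-Type": "text/plain"}),  # header not sent
]

def audit(samples):
    """Return the paths a browser would refuse to load once nosniff is sent."""
    return [path for dest, path, hdrs in samples if blocked_by_nosniff(dest, hdrs)]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A resource that appears in the result needs its Content-Type corrected on the server; removing the nosniff value would only hide the mislabelled response.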