IBM Support

How to set X-Content-Type-Options HTTP header

Question & Answer


Question

How to set X-Content-Type-Options HTTP header for ClearQuest?

Cause

When performing security tests on ClearQuest with a testing tool like IBM AppScan, the following issue might be found in the scan report:
Missing or insecure "X-Content-Type-Options" header
The X-Content-Type-Options header helps prevent browsers from trying to sniff the MIME type of a response.

Answer

  1. Configure IBM HTTP Server for your ClearQuest deployment.
    For instructions, see Configuring a web plug-in for IBM HTTP Server.
  2. Uncomment the following LoadModule directive for the mod_headers module in the httpd.conf file:
    LoadModule headers_module modules/mod_headers.so
  3. Add the following line to the httpd.conf file:
    Header set X-Content-Type-Options "nosniff"
  4. Save the httpd.conf file and restart your IBM HTTP Server.
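
To confirm steps 2 and 3 before restarting, the following check reads the text of httpd.conf and reports what is still missing. It is an added example, not IBM code; the function name `check_httpd_conf` and the sample fragments are hypothetical, and it assumes both directives sit in the main httpd.conf (it does not follow Include files or evaluate container scoping).

```python
import re

# Apache directive names and HTTP header names are case-insensitive.
LOADMODULE_RE = re.compile(r'^\s*LoadModule\s+headers_module\s+\S+', re.I)
HEADER_RE = re.compile(
    r'^\s*Header\s+(?:(?:always|onsuccess)\s+)?set\s+'
    r'"?X-Content-Type-Options"?\s+"?([^"\s]+)"?', re.I)

# Constructed sample fragments, not taken from a real deployment.
BEFORE = """\
#LoadModule headers_module modules/mod_headers.so
Listen 80
"""
AFTER = """\
LoadModule headers_module modules/mod_headers.so
Listen 80
Header set X-Content-Type-Options "nosniff"
"""

def check_httpd_conf(text):
    """Return a list of problems; an empty list means steps 2 and 3 are done."""
    module_loaded = commented = False
    values = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):
            # Remember a still-commented LoadModule so the report can say so.
            if LOADMODULE_RE.match(line.lstrip('#')):
                commented = True
            continue
        if LOADMODULE_RE.match(line):
            module_loaded = True
        m = HEADER_RE.match(line)
        if m:
            values.append(m.group(1).lower())
    problems = []
    if not module_loaded:
        problems.append('headers_module is still commented out' if commented
                        else 'no LoadModule line for headers_module')
    if not values:
        problems.append('no Header directive for X-Content-Type-Options')
    elif any(v != 'nosniff' for v in values):
        problems.append('X-Content-Type-Options is set to a value other than nosniff')
    return problems

if __name__ == '__main__':
    for name, conf in (('before', BEFORE), ('after', AFTER)):
        print(name, check_httpd_conf(conf) or 'ok')
```

After the restart in step 4, the response headers from the ClearQuest URL should include `X-Content-Type-Options: nosniff`.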


Document Information

Modified date:
26 February 2020

UID

ibm13518811