  1. WORKTERRA
  2. WT-12634

[Security] ZAP Scan reported Issue : X-Content-Type-Options Header Missing

    Details

    • Type: Bug
    • Status: Rejected
    • Priority: Medium
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Production
    • Bug Severity:
      Low
    • Level:
      Admin, Partner
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients

      Description

      Observation found in Search Employee flow

      The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

      CC SamirRakesh RoyJaideep Vinchurkar
      SearchEmp_Spider.html
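A check for the condition described above, as an added example that is not part of the original ticket or of the ZAP report. It classifies captured response heads by a simplified form of the Fetch standard's rule, under which only the first comma-separated value of the header counts. The function names are hypothetical and the sample responses are constructed.

```python
# Added example (not from the ticket): audit captured HTTP response heads
# for X-Content-Type-Options. Function names are hypothetical.

def parse_head(raw):
    """Return [(lowercased-name, value), ...] from a raw HTTP response head."""
    headers = []
    for line in raw.strip().splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                # blank line ends the head
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def nosniff_status(raw):
    """Classify a response as 'ok', 'missing' or 'invalid'.

    Simplified form of the Fetch standard's rule: all values of the header
    are combined, split on commas, and only the FIRST token is compared
    (case-insensitively) with 'nosniff'.
    """
    tokens = []
    for name, value in parse_head(raw):
        if name == "x-content-type-options":
            tokens.extend(t.strip().lower() for t in value.split(","))
    if not tokens:
        return "missing"
    return "ok" if tokens[0] == "nosniff" else "invalid"

# Constructed sample responses (not taken from the attached reports).
HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
BODY = "\r\n<html></html>"
SAMPLES = {
    "header set, mixed case": HEAD + "X-Content-Type-Options: NoSniff\r\n" + BODY,
    "header absent": HEAD + BODY,
    "wrong first token": HEAD + "X-Content-Type-Options: none, nosniff\r\n" + BODY,
    "header sent twice": HEAD + "X-Content-Type-Options: nosniff\r\n" * 2 + BODY,
    "empty value": HEAD + "X-Content-Type-Options:\r\n" + BODY,
}

def audit(samples):
    """Map each sample label to its classification."""
    return {label: nosniff_status(raw) for label, raw in samples.items()}

if __name__ == "__main__":
    for label, status in audit(SAMPLES).items():
        print(f"{status:8} {label}")
```

Running the same classification over every response in a flow, rather than a single page, shows whether the header is missing only on particular routes or content types.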

        Attachments

        1. EnrollNowWithPartnerLogin.html
          48 kB
          Prasad Pise
        2. SearchEmp_Spider.html
          48 kB
          Prasad Pise
        3. StaticReport_Spider.html
          53 kB
          Prasad Pise

              People

              Assignee:
              prasadp Prasad Pise (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)

                Dates

                Created:
                Updated:
                Resolved: