Question & Answer
Question
How to set X-Content-Type-Options HTTP header for ClearQuest?
Cause
When performing security tests on ClearQuest with a testing tool like IBM AppScan, the following issue might be found in the scan report:
Missing or insecure "X-Content-Type-Options" header
Missing or insecure "X-Content-Type-Options" header
X-Content-Type-Options header helps prevent browsers from trying to sniff the MIME type.
Answer
- Configure IBM HTTP Server for your ClearQuest deployment.
For instructions, see Configuring a web plug-in for IBM HTTP Server. - Uncomment the following Load Module directive for the mod_headers module in the httpd.conf file:
LoadModule headers_module modules/mod_headers.so
- Add the following line to the httpd.conf file:
Header set X-Content-Type-Options "nosniff"
- Save the httpd.conf file and restart your IBM HTTP Server.
Related Information
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
26 February 2020
UID
ibm13518811