Information
This policy setting allows you to manage MIME sniffing for file promotion from one type to
another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety
Feature will not apply in this zone. The security zone will run without the added layer of
security provided by this feature. If you disable this policy setting, the actions that may be
harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer security feature
will be turned on in this zone, as dictated by the feature control setting for the process. The
recommended state for this setting is: Enabled: Enable.
Rationale
The MIME Sniffing Safety Feature improves security in some scenarios by providing an
added layer of defense against potentially malicious files. The feature also helps with
compatibility issues caused by web servers that specify incorrect MIME types. Under
certain circumstances it can actually increase the risk of compromise because Internet
Explorer may detect a script embedded within content that has a non-script MIME type
declared and execute the script.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Enable MIME Sniffing
Then set the Enable MIME Sniffing option to Enable.
Default Value: Enabled