5.3.2 Ensure X-Content-Type-Options header is configured and enabled

Information

The X-Content-Type-Options header should be used to force supporting user agents to check an HTTP response's Content-Type header against the type expected for the request's destination (for example a script or a style sheet), instead of guessing the type from the response body.

Rationale:

Implementing the X-Content-Type-Options header with the 'nosniff' directive helps prevent drive-by download attacks that rely on a user agent sniffing the content type of a response rather than honouring the declared one.

Solution

Open the nginx configuration file that contains your server blocks and add the line below to each server block. It adds the X-Content-Type-Options header and directs the user agent not to sniff content types.

add_header X-Content-Type-Options 'nosniff' always;
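Two nginx details decide whether the directive above actually reaches every response: without the always parameter nginx only adds the header on a fixed set of success and redirect status codes, so error pages go out unprotected, and an add_header directive inside a location block replaces (rather than extends) the add_header directives inherited from the enclosing server block. The script below is an added example, not Tenable's or CIS's audit logic; it parses a constructed nginx configuration with a simplified grammar (no escaped quotes, no include expansion) and reports, per server and location context, whether the header is effectively set with 'nosniff' and always.

```python
"""Audit nginx configuration text for the X-Content-Type-Options header.

Added example for this page; not Tenable's or CIS's audit code.
Assumes a simplified nginx grammar (no escaped quotes, no 'include'
expansion) and nginx's documented rule that add_header directives are
inherited from the enclosing level only when the current level defines
none of its own.
"""
import re

# Quoted strings, comments, the three delimiters, then bare words.
# '#' starts a comment only at the beginning of a word, as in nginx.
TOKEN_RE = re.compile(r"""'[^']*'|"[^"]*"|#[^\n]*|[{};]|[^\s{};]+""")


def tokenize(text):
    """Split config text into words, quoted strings and the { } ; delimiters."""
    return [t for t in TOKEN_RE.findall(text) if not t.startswith('#')]


def parse(tokens, pos=0):
    """Return (directives, next_pos); a directive is (name, args, children)."""
    items = []
    while pos < len(tokens):
        if tokens[pos] == '}':
            return items, pos + 1
        name, args, pos = tokens[pos], [], pos + 1
        while tokens[pos] not in ('{', ';'):
            args.append(tokens[pos].strip('\'"'))
            pos += 1
        if tokens[pos] == ';':
            items.append((name, args, None))
            pos += 1
        else:
            children, pos = parse(tokens, pos + 1)
            items.append((name, args, children))
    return items, pos


def effective_headers(block, inherited):
    """add_header set that applies in this block, honouring nginx inheritance."""
    own = [(a[0].lower(), a[1:]) for n, a, _ in block if n == 'add_header' and a]
    return own if own else inherited


def classify(headers):
    """Return 'ok', 'missing', 'wrong_value' or 'no_always' for one context."""
    for name, rest in headers:
        if name != 'x-content-type-options':
            continue
        if not rest or rest[0].lower() != 'nosniff':
            return 'wrong_value'
        # Without 'always' nginx adds the header only on a fixed set of
        # success/redirect codes, so 4xx/5xx responses would lack it.
        return 'ok' if 'always' in (r.lower() for r in rest[1:]) else 'no_always'
    return 'missing'


def audit(config_text):
    """List (context, status) for every server and nested location context."""
    tree, _ = parse(tokenize(config_text))
    findings = []

    def visit(path, block, inherited):
        headers = effective_headers(block, inherited)
        findings.append((path, classify(headers)))
        for name, args, children in block:
            if name == 'location' and children is not None:
                visit(f"{path} location {' '.join(args)}", children, headers)

    def walk(block, inherited):
        headers = effective_headers(block, inherited)
        for name, args, children in block:
            if children is None:
                continue
            if name == 'server':
                sn = next((a for n, a, _ in children if n == 'server_name'), ['(unnamed)'])
                visit(f"server {sn[0]}", children, headers)
            else:
                walk(children, headers)

    walk(tree, [])
    return findings


# Constructed sample configuration (hypothetical host names).
SAMPLE_CONF = """
http {
    server {
        listen 80;
        server_name good.example;
        add_header X-Content-Type-Options 'nosniff' always;
        location /api/ { proxy_pass http://127.0.0.1:8080; }
        location /static/ {
            add_header Cache-Control 'public';   # own add_header: server-level header is NOT inherited
        }
    }
    server {
        listen 80;
        server_name bad.example;
        add_header X-Content-Type-Options nosniff;   # missing 'always'
    }
}
"""

if __name__ == '__main__':
    for context, status in audit(SAMPLE_CONF):
        print(f"{status:12} {context}")
```

Run against the sample, the audit reports the server block and its /api/ location as ok, flags /static/ as missing because its own Cache-Control add_header discards the inherited header, and flags the second server as no_always. To pass the benchmark cleanly, repeat the add_header line in any location block that defines its own add_header directives, and keep the always parameter.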

Default Value:

This header is not implemented by default.

See Also

https://workbench.cisecurity.org/benchmarks/17381

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-3, CSCv7|18.1

Plugin: Unix

Control ID: 6e5c6b3205dfb9e476a6ba2958943223e7e5309ded06965a98b66762b460d313