X-Content-Type-Options header
Check out this article and read more details about the X-Content-Type-Options header and learn how to configure it for your i4connected installation.
The X-Content-Type-Options header is a marker used by the server to indicate that the media types advertised by the Content-Type headers should not be changed, but followed.
The X-Content-Type-Options header can be configured in the Web.config file, under the i4connected API folder, as follows: "X-Content-Type-Options" value= "nosniff"
The X-Content-Type-Options header
The nosniff parameter includes the following specifications:
Blocks a request if the request destination is of type:
"style" and the media type is not text / css, or
"script" and the media type is not a JavaScript MIME type.
Enables Cross-Origin Read Blocking protection for the media types:
text/html
text/plain
text/json, application/json or any other type with a JSON extension: */*+json
text/xml, application/xml or any other type with an XML extension: */*+xml (excluding image/svg+xml)