X-Content-Type-Options-Vulnerability/EN/Background

Aus Siwecos
Version vom 8. April 2019, 08:54 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the load from so-called drive-by download attacks. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic HTML-Datei by the Browser, could infect your computer or other computers with malicious code. For further information on X-Content-Type-Options, please refer to the report by Golem.de (German only).