Adding X-Content-Type-Options

Follow these steps to add the X-Content-Type-Options HTTP response header at root level of IIS server.

  1. Open IIS Manager.
  2. Click on every IRC and the CM site to check if the X-Content-Type-Options HTTP Response Header is already added. If already added, then remove the header to prevent duplication. Follow these steps to remove the X-Content-Type-Options HTTP response header:
    1. Click on the relevant Web folder to remove the X-Content-Type-Options HTTP response header.
    2. Double click on the HTTP Response Headers option from the Feature View section.
    3. Select the X-Content-Type-Options and click the Remove link from the Action pane. The HTTP Response Header Confirmation window is displayed.
    4. Click Yes.
  3. Click the Root Website under which the IRC and the CM sites are located. For example, the IIS website on which the IRC and the CM application is hosted.
  4. Double click on the 'HTTP Response Headers' option from the Feature View section.
  5. Click on the Add link from the Action Pane. The Add Custom HTTP Response Header popup is displayed.
  6. Specify the name as 'X-Content-Type-Options' and the value as 'nosniff'.
  7. Click OK on the Add Custom HTTP Response Header popup.