Rule n° 202 - The server indicates each resource’s MIME type.

Indicating the MIME type of each resource lets the user's browser handle correctly identified content, and closes the door to the delivery of certain dangerous content.

#Security #Development

Goal

  • Reduce the risk of downloading dangerous hidden content.

Implementation

Configure the server to send, for each resource (text, image, script, etc.), the Content-Type header set to the appropriate MIME type, for example:
  • text/html;
  • application/pdf.

Control

Using an HTTP header inspection tool, check that the Content-Type header has the value corresponding to the type of resource.
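
One way to automate this control over captured response headers, as an added example that is not part of the Opquast rule. The extension-to-type table, the function names and the sample responses are assumptions constructed for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Assumed mapping of file extension -> acceptable MIME types; adapt it to the site.
EXPECTED = {
    ".html": {"text/html"},
    ".pdf": {"application/pdf"},
    ".css": {"text/css"},
    ".js": {"text/javascript", "application/javascript"},
    ".png": {"image/png"},
}

def declared_type(header_value):
    """Return the bare media type of a Content-Type value (parameters dropped)."""
    if header_value is None:
        return None
    media = header_value.split(";", 1)[0].strip().lower()
    return media or None

def check(url, headers):
    """Return (status, detail) for one response; headers is a name -> value dict."""
    lowered = {name.lower(): value for name, value in headers.items()}
    got = declared_type(lowered.get("content-type"))
    ext = PurePosixPath(urlsplit(url).path).suffix.lower()
    want = EXPECTED.get(ext)
    if got is None:
        return ("FAIL", "no Content-Type header")
    if want is None:
        return ("REVIEW", f"no expectation for this URL, declared {got}")
    if got not in want:
        return ("FAIL", f"declared {got}, expected {' or '.join(sorted(want))}")
    return ("OK", got)

# Constructed sample responses (URL, response headers), not real captures.
SAMPLES = [
    ("https://example.test/index.html", {"Content-Type": "text/html; charset=utf-8"}),
    ("https://example.test/doc/report.pdf", {"content-type": "application/pdf"}),
    ("https://example.test/img/logo.png", {"Content-Type": "text/plain"}),
    ("https://example.test/files/manual.pdf", {"Server": "demo"}),
    ("https://example.test/", {"Content-Type": "text/html"}),
]

def audit(samples):
    """Check every sample and return (url, status, detail) tuples."""
    return [(url, *check(url, headers)) for url, headers in samples]

if __name__ == "__main__":
    for url, status, detail in audit(SAMPLES):
        print(f"{status:6} {url}  {detail}")
```

URLs without a file extension are reported as REVIEW so that a person confirms the declared type by hand.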

By Opquast - Read the license