Technical Tip: How to enforce x-content-type-options HTTP security header on SSL-VPN web port
Description
This article describes how to enable the x-content-type-options header on the SSL-VPN port.
Some PCI scans report that certain HTTP security headers are missing on the SSL-VPN port, one of which is the x-content-type-options header.
Related link:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
This fix is only applicable on the SSL-VPN port, not on the admin web page port.
Solution
When this is reported for SSL-VPN, however, the x-content-type-options header can be enforced.
To accomplish this, use the following commands:
# config vpn ssl settings
    set x-content-type-options enable
end
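To confirm the change from the client side before the next scan, the following added example (not part of the original article and not Fortinet tooling) classifies a block of HTTP response headers. It assumes the expected value is `nosniff`, the only value defined in the MDN reference linked above; the function names, the sample responses and the host and port in the comment are constructed placeholders.

```shell
#!/bin/sh
# Added example. Reads raw HTTP response headers on stdin and classifies
# the X-Content-Type-Options header:
#   "ok"      (exit 0)  present, every occurrence is "nosniff"
#   "missing" (exit 1)  header absent (what the PCI scan reports)
#   "invalid" (exit 2)  present with a value other than "nosniff"
check_xcto() {
    awk '
        /^\r?$/ { exit }                      # blank line ends the headers
        {
            line = $0
            sub(/\r$/, "", line)              # strip CR from CRLF endings
            idx = index(line, ":")
            if (idx == 0) next                # status line has no colon
            name  = tolower(substr(line, 1, idx - 1))
            value = tolower(substr(line, idx + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "x-content-type-options") {
                found = 1
                if (value != "nosniff") bad = 1
            }
        }
        END {
            if (!found) { print "missing"; exit 1 }
            if (bad)    { print "invalid"; exit 2 }
            print "ok"
        }
    '
}

# Constructed sample responses (not captured from a real device).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-content-type-options: nosniff\r\n\r\n'
}

# Live check (host and port are placeholders for the SSL-VPN portal):
#   curl -sk -D - -o /dev/null "https://vpn.example.com:10443/" | check_xcto

sample_before | check_xcto || true   # prints "missing"
sample_after  | check_xcto || true   # prints "ok"
```

Header names are matched case-insensitively, and only the first header block is read, so text in the response body cannot produce a false "ok".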
Related Articles
PSIRT Note: X-Content-Type-Options HTTP Header missing on port 443
