Checkmk Werk 11607: Improve GUI security: Prevent changing content type

ID: 11607 Title: Improve GUI security: Prevent changing content type Component: Multisite Level: 1 Class: Security fix Version: 2.0.0i2 All web pages served by Checkmk will now have the HTTP header <tt>Header always set X-Content-Type-Options: "nosniff"</tt> set. It prevents a client from guessing the content type based on the provided file. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured. Further information can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Op… https://www.chromium.org/Home/chromium-security/corb-for-developers