back to website

Werk #11607: Improve GUI security: Prevent changing content type

Component User interface
Title Improve GUI security: Prevent changing content type
Date Nov 19, 2020
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.0.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

All web pages served by Checkmk will now have the HTTP header Header always set X-Content-Type-Options: "nosniff" set. It prevents a client from guessing the content type based on the provided file. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured.

Further information can be found here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options https://www.chromium.org/Home/chromium-security/corb-for-developers

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2026 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now