General Discussions

Expand all | Collapse all

FG WebUI Login Page Security Headers (X-Content-Type-Options) Missing

  • 1.  FG WebUI Login Page Security Headers (X-Content-Type-Options) Missing

    Posted 18 days ago
    Is there a way to add "X-Content-Type-Options: nosniff" in the WebUI Login page header?


  • 2.  RE: FG WebUI Login Page Security Headers (X-Content-Type-Options) Missing

    Posted 2 days ago
    can't find a way to do this.

    did find this article by Fortinet security team which you might use to show that it is not needed (assuming the original requirement comes from a security review):

    https://community.fortinet.com/t5/FortiGate/PSIRT-Note-X-Content-Type-Options-HTTP-Header-missing-on-port/ta-p/193545