SAP Knowledge Base Article - Preview

3221263 - Does SAP BusinessObjects support the X-Content-Type-Options nosniff option?


X-Content-Type-Options nosniff is a security setting that prevents the browser from guessing the mime type of files so that certain kinds of attacks are mitigated. 

  • Either you are planning to use this option or your security scans return message such as below - 
    Website does not implement X-Content-Type-Options Best Practices - Add the following header to responses from this website: 'X-Content-Type-Options: nosniff'.
  • In case you are already have 'X-Content-Type-Options: nosniff'' enabled, then BI Launchpad and CMC may not work as expected. 
  • You are experiencing issues such as the ones discussed in KBA  3073756
  • The following information is required -
    • Is X-Content-Type-Options nosniff supported for use with SAP BusinessObjects and it’s add ons in 4.2 and 4.3?
    • If this support is contingent on a particular patch level what patch level is that?



SAP BI Platform 4.2  / 4.3 all patch levels
All supported OS and operating platforms 


SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3


X-Content-Type-Options nosniff support 4.2 4.3 Businessobjects BI Platform freeze fail header , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.