Event 1063 - MIME Restrictions - Authoritative Content Type Handling
Applies To: Windows 7, Windows Vista
Windows® Internet Explorer® 8 uses MIME information to determine how to handle files sent by a Web server. If the reported MIME file type does not match the observed MIME file type, then the MIME Handling Restrictions feature reports the content handler as being unsafe. For each Web page that is sent to the browser, Internet Explorer will verify that the server reported content type matches the content type that is derived by parsing the page (sometimes called sniffing). For example, the server may send a Web page to a browser containing a MIME type for a text file, but that Internet Explorer sniffs to actually be an executable file.
Internet Explorer 8 manages this process by using authoritative content type handling. If a page is sent to the browser that has the "authoritative content type" header equal to true, then Internet Explorer will sniff the content, but will still treat the content as specified by the server. If the content type that is specified by the server is different from what is sniffed, and the sniffed type is considered potentially dangerous, then a warning will appear to the user. Here is an example of the types of extensions that will trigger the user prompt:
.ade
.adp
.app
.asp
.bas
.bat
.exe
.fxp
.gadget
.mshxml
.msi
When Is This Event Logged?
This event is logged when all of the following are true:
The server's specified content type is different from what is sniffed.
The sniffed type is considered potentially dangerous.
The X-Content-Type-Options header =
nosniff
Note
For more information, see the Event 1063-MIME Restrictions topic from Internet Explorer Application Compatibility.
Remediation
To avoid this issue, we recommend that you make your specified content type match the sniffed content type. However, if that is not possible, you can disable this feature by not setting the X-Content-Type-Options header value. By not setting this value, the MIME Restrictions logic is not run, and the event is not logged.
What Happens If I Disable This Security Feature?
If you disable this security feature, you will be more prone to malicious Web page attacks. Disabling this feature should only be used as a temporary measure during troubleshooting, to compare the behavior of the application when the feature is enabled and when it is disabled. It is not recommended that this feature be left disabled on an ongoing basis.