openUTM sets a number of header fields in an HTTP response. A distinction is made between header fields that must not be set by the user, and header fields that are only set by openUTM if they have not been set by the user.
List of header fields set by openUTM in an HTTP response that must not be set by the user:
- Connection
Specifies whether the connection is terminated by the HTTP server after sending the HTTP response.
openUTM always sets this header field to the value "close", unless the client has set "keep-alive" in the Connection header field of the HTTP request.
- Content-Length
Length of the message body.
- Date
Date and time at the time of transmission.
Example: Mon, 28 Oct 2019 14:38:45 GMT
- Server
Information about the UTM HTTP server in the form: "UTM HTTP-SERVER <openUTM version> <application name> <platform>".
Example: UTM HTTP-SERVER V07.0A00 SAMPLE Linux Intel
List of header fields in an HTTP response that are only set by openUTM if they have not been set by the user:
- Cache-Control
Specifies whether and for how long the response may be stored by the client or by gateway hosts and reused as a response for subsequent identical requests.
By default, openUTM provides this header field with the value "no-cache, no-store, must-revalidate".
- Content-Type
Specifies the MIME type and, if necessary, the character set of the message body.
openUTM sets this header field as follows:
  text/html;charset=
    if the TAC started by the HTTP request was selected without an HTTP descriptor or using an HTTP descriptor with HTTP-EXIT=*SYSTEM
    and the request did not contain the HTTP header field Accept or the value of the header contained text/html or text/*, but not text/plain or neither text/... nor application/octet-stream.
  text/plain;charset=
    if the TAC started by the HTTP request was selected
    using an HTTP descriptor with HTTP-EXIT not equal to *SYSTEM and CONVERT-TEXT = *YES
    or without an HTTP descriptor or using an HTTP descriptor with HTTP-EXIT=*SYSTEM and the request contained the HTTP header field Accept with the value text/plain but not text/html.
  application/octet-stream
    if the TAC started by the HTTP request was selected
    using an HTTP descriptor with HTTP-EXIT not equal to *SYSTEM and CONVERT-TEXT = *NO
    or without an HTTP descriptor or using an HTTP descriptor with HTTP-EXIT=*SYSTEM and the request contained the HTTP header field Accept with the value application/octet-stream but not text/....
  charset=
    If the HTTP header field Content-Type has the value text/html or text/plain, then the charset parameter is supplied as follows:
    Unix, Linux and Windows systems:
      charset=ISO-8859-1
    BS2000 systems:
      charset=<charset-name>
        if the TAC started by the HTTP request was selected without an HTTP descriptor or using an HTTP descriptor with CONVERT-TEXT=*YES and the request contained the HTTP header field Accept-Charset and the value of the header contained a name generated with CHAR-SET <charset-name>.
        if the TAC started by the HTTP request was selected using an HTTP descriptor with CONVERT-TEXT=*YES and the request contained the Content-Type header and the value of the header contained a name generated with CHAR-SET <charset-name> and the request did not contain the HTTP header field Accept or the value of the header did not contain a name generated with CHAR-SET.
      charset=ISO-8859-1
        otherwise
- X-Content-Type-Options
Prohibits MIME sniffing.
openUTM sets this header field to the value "nosniff".
- X-Frame-Options
Protection against clickjacking.
openUTM sets this header field to the value "deny".
- X-Xss-Protection
Filter for cross-site scripting.
openUTM sets this header field to the value "1".
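
Because Cache-Control, X-Content-Type-Options, X-Frame-Options and X-Xss-Protection are only supplied when the user has not set them, a user-set value replaces the default listed above. The following Python check is an added example, not openUTM code: it parses a raw response head and reports where it departs from the values on this page. The function names and the sample response are constructed for illustration.

```python
# Added example, not openUTM code; SAMPLE is a constructed response.
OVERRIDABLE_DEFAULTS = {  # set by openUTM only if the user did not set them
    "cache-control": "no-cache, no-store, must-revalidate",
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "x-xss-protection": "1",
}
SERVER_SET = ("connection", "content-length", "date", "server")  # always set
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Connection: close\r\n"
    "Content-Length: 5\r\n"
    "Date: Mon, 28 Oct 2019 14:38:45 GMT\r\n"
    "Server: UTM HTTP-SERVER V07.0A00 SAMPLE Linux Intel\r\n"
    "Cache-Control: max-age=3600\r\n"
    "X-Content-Type-Options: NoSniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "hello"
)

def parse_head(raw):
    """Return {lowercase field name: value} for the header block of raw."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # [1:] skips the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def normalize(value):
    """Compare comma-separated directives without regard to case or order."""
    return sorted(p.strip().lower() for p in value.split(",") if p.strip())

def audit(raw):
    """List (field, status, value) where the response departs from the page."""
    headers = parse_head(raw)
    findings = [(n, "missing", None) for n in SERVER_SET if n not in headers]
    for name, default in OVERRIDABLE_DEFAULTS.items():
        actual = headers.get(name)
        if actual is None:
            findings.append((name, "missing", default))
        elif normalize(actual) != normalize(default):
            findings.append((name, "overridden", actual))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Content-Type is left out of the comparison because its value depends on the request and the HTTP descriptor, as described above.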