Besides the Internet Engineering Task Force and W3 standards, VMware Horizon 8 employs other measures to protect communication that uses the HTTP protocol.
What to read next
Reducing MIME Type Security Risks By default, VMware Horizon 8 sends the header x-content-type-options: nosniff in its HTTP responses to help prevent attacks based on MIME-type confusion.
Mitigating Cross-Site Scripting Attacks By default, VMware Horizon 8 employs the XSS (cross-site scripting) Filter feature to mitigate cross-site scripting attacks by sending the header x-xss-protection=1; mode=block in its HTTP responses.
Content Type Checking By default, VMware Horizon 8 accepts requests with the following declared content types only:
Client Behavior Monitoring Connection Servers have finite resources available to handle requests from clients, and misbehaving clients can tie up those resources, preventing others from being serviced. Client behavior monitoring is a class of detections and mitigation that protect against bad behavior.
User Agent Allowlisting Set an allowlist to restrict user agents that can interact with VMware Horizon 8 . By default, all user agents are accepted.
Host Checking To frustrate host injection attacks, the Host header in each incoming request is checked against a list of expected host names.