X-Content-Type-Options


Description

The application does not send an X-Content-Type-Options response header. Microsoft introduced this header in IE 8 so that web servers can tell browsers not to override the declared Content-Type by sniffing the resource's MIME type. Setting X-Content-Type-Options to nosniff prevents attacks that depend on MIME sniffing to get files or scripts executed.
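
One way to check responses for this finding, as an added example that is not part of the original write-up: the Python below classifies raw HTTP responses by whether they carry a valid nosniff value. The function names, the sample responses and the strict "every value must be nosniff" policy are assumptions made for the example.

```python
# Added example: audit raw HTTP responses for X-Content-Type-Options: nosniff.

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line: headers end, body starts
            break
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_nosniff(raw):
    """Classify one response as 'ok', 'missing' or 'invalid'."""
    values = []
    for name, value in parse_headers(raw):
        if name == "x-content-type-options":
            # Repeated headers and comma-joined values are treated the same way.
            values.extend(v.strip().lower() for v in value.split(","))
    if not values:
        return "missing"
    # Assumption (strict audit policy chosen for this example): every value
    # must be exactly "nosniff", so typos and empty values are reported.
    return "ok" if all(v == "nosniff" for v in values) else "invalid"

def audit_all(responses):
    """Map each path to its audit result."""
    return {path: audit_nosniff(raw) for path, raw in responses.items()}

# Constructed sample responses (not captured from a real application).
SAMPLES = {
    "/app.js": "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n"
               "X-Content-Type-Options: nosniff\r\n\r\nvar a = 1;",
    "/uploads/note.txt": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                         "X-Content-Type-Options: nosniff",  # body text, not a header
    "/api/items": "HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n"
                  "x-content-type-options: NoSniff\r\n"
                  "X-Content-Type-Options: nosniff\r\n\r\n{}",
    "/legacy": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "X-Content-Type-Options: no-sniff\r\n\r\n<p>hi</p>",
}

if __name__ == "__main__":
    for path, result in audit_all(SAMPLES).items():
        print(f"{result:8} {path}")
```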

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
