Set X-Content-Type-Options nosniff.

Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.

When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.

0 files changed, 0 insertions, 0 deletions