X-Content-Type-Options Header is not set.
ofgrenudo opened this issue · comments
Joshua Winters-Brown commented
What happened?
- /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
Hugo version
0.115.2
Theme version
v3.21.0
What browsers are you seeing the problem on?
Firefox, Chrome, Safari, Microsoft Edge
More information about the browser
No response
Relevant log output
No response
Link to Minimal Reproducible Example
rmdhnreza commented
This should be settings on the server, no?
Jimmy Cai commented
I agree with @rmdhnreza, this header should be set on the server since it's an HTTP thing and this theme has no control over it.