X-Content-Type-Options Header is not set.

Question

ofgrenudo opened this issue 8 months ago · comments

/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/

0.115.2

v3.21.0

Firefox, Chrome, Safari, Microsoft Edge

No response

No response

rmdhnreza · Answer 1 · Tue Feb 27 2024 21:01:05 GMT+0800 (China Standard Time)

This should be settings on the server, no?

Jimmy Cai · Answer 2 · Sun Mar 03 2024 06:12:28 GMT+0800 (China Standard Time)

I agree with @rmdhnreza, this header should be set on the server since it's an HTTP thing and this theme has no control over it.