Rule from http under security category
It is recommended to disable content-type sniffing. This is done with the
X-Content-Type-Options: nosniff header, which is expected on your response.
The header was found but was not configured according to the recommendation of disabling content sniffing with
The recommended value we require is:
Simply configure the header according to the following recommendation.
Although you may set HTTP headers in your application code, it is often simpler to configure the web server to set them properly.

    # nginx
    add_header X-Content-Type-Options nosniff;

    # apache
    <IfModule mod_headers.c>
      Header set X-Content-Type-Options: nosniff
    </IfModule>

Otherwise, the application code needs to be updated to output the header as such:
This will disable content sniffing on older browsers like IE6.
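
An added example, not Passmarked's own code, of setting the header from application code: a Python WSGI middleware that forces the header, plus a checker that tells a missing header apart from a misconfigured one. The names `classify`, `NoSniffMiddleware`, `run` and `bad_app` are hypothetical, and the sample app is constructed for the demonstration.

```python
HEADER = "X-Content-Type-Options"


def classify(headers):
    """Return 'missing', 'misconfigured' or 'ok' for a list of (name, value)."""
    values = []
    for name, value in headers:
        if name.lower() == HEADER.lower():
            # The header may be repeated or comma-joined; split into tokens.
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return "missing"
    # Browsers following the Fetch standard only look at the first token.
    return "ok" if values[0].lower() == "nosniff" else "misconfigured"


class NoSniffMiddleware:
    """Wrap any WSGI app so every response carries exactly one nosniff header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop whatever the app set (possibly wrong), then add the right one.
            kept = [(n, v) for n, v in headers if n.lower() != HEADER.lower()]
            kept.append((HEADER, "nosniff"))
            return start_response(status, kept, exc_info)
        return self.app(environ, patched_start)


def run(app):
    """Call a WSGI app with a constructed request; return (headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    body = b"".join(app(environ, start_response))
    return captured["headers"], body


def bad_app(environ, start_response):
    # Constructed sample app that sets the header to a wrong value.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("x-content-type-options", "sniff")])
    return [b"hello"]
```

Wrapping the application object once, as in `NoSniffMiddleware(bad_app)`, covers every route without touching individual handlers.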