X-CONTENT-TYPE-OPTIONS HEADER MISSING

| Feature | Value |
| --- | --- |
| Type | Detection |
| Risk | - |
| Covered by | Agent |

The application does not send the X-Content-Type-Options header. Sending this header prevents the browser from MIME-sniffing a response away from the declared Content-Type.

How to solve it

Send the proper header:

    X-Content-Type-Options: nosniff
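
One way to send the header on every response, shown as an added example that is not part of the original page: a Python WSGI middleware that also replaces any wrong or duplicated copy set by the application. `NoSniffMiddleware`, `demo_app` and `response_headers` are hypothetical names, and the sample app is constructed for the demonstration.

```python
from wsgiref.util import setup_testing_defaults

HEADER = "X-Content-Type-Options"


class NoSniffMiddleware:
    """Wrap any WSGI app and force exactly one nosniff header per response."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # Header names are case-insensitive: drop every existing copy so
            # a wrong or duplicated value cannot reach the browser.
            kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
            kept.append((HEADER, "nosniff"))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched)


def demo_app(environ, start_response):
    # Constructed sample app: declares a type but sends an invalid value.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("x-content-type-options", "sniff")])
    return [b"user-supplied text"]


def response_headers(app, path="/"):
    """Call a WSGI app once, offline, and return (status, headers)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)
        return lambda data: None

    for _ in app(environ, start_response):
        pass  # drain the body so the app runs to completion
    return captured["status"], captured["headers"]


if __name__ == "__main__":
    print(response_headers(demo_app))
    print(response_headers(NoSniffMiddleware(demo_app)))
```

Wrapping at the middleware layer covers error pages and static responses that individual handlers would otherwise miss.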