Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive: The X-Content-Type-Options header is not set #803

Closed
happysalada opened this issue Dec 4, 2023 · 0 comments
Closed

False Positive: The X-Content-Type-Options header is not set #803

happysalada opened this issue Dec 4, 2023 · 0 comments
Labels
bug

Comments

@happysalada
Copy link

happysalada commented Dec 4, 2023
edited
Loading

Output of suspected false positive / negative

here is the full output

.: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/

in the headers plugin nikto tries to get the path "."
upon a 400 response, it will complain about the X-Content-Type-Options header not being set. the header plugin should only complain about missing headers on 200 response right ?

let me know if you would like more details.

(I'm running the freshly released 2.5.0

Thank you so much for making nikto!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sullo @happysalada