You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This idea is good! Issues caused by MIME sniffing still exist. Adding 'no-type-sniffing' enables the developer to cut an extra field in HTTP headers.
valtlai
changed the title
Add directive similar to ‘X-Content-Type-Options: nosniff’?
Add directive similar to X-Content-Type-Options: nosniff?
Apr 27, 2021
Should CSP have a directive similar to
X-Content-Type-Options: nosniff
(as it does forX-Frame-Options
)? Maybe something likeno-type-sniffing
.The text was updated successfully, but these errors were encountered: