Respondly: X-Content-Type-Options header missing

2014-04-18T16:31:24
ID H1:8053
Type hackerone
Reporter karthic
Modified 2014-05-21T03:32:00

Description

URL : https://respond.ly/

Description : The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'

Solution : This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown