The X-Content-Type-Options header informs browsers not to load scripts and stylesheets unless the server indicates the correct MIME type.
Without proper MIME type verification, browsers might incorrectly detect non-script and non-stylesheet files as scripts or stylesheets. This error allows potentially malicious files to be loaded via <script> and <link> elements as part of Cross-site scripting (XSS) attacks.
All sites must set the X-Content-Type-Options header with a value of nosniff, and set appropriate MIME types for the files they serve (i.e., via the Content-Type header).
nosniff blocks a request if the request destination is:
- style and the MIME type is not text/css.
- script and the MIME type is not a valid JavaScript MIME type.
Prevent browsers from incorrectly detecting non-stylesheets as stylesheets and non-scripts as scripts:
X-Content-Type-Options: nosniff
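The two blocking rules above can be turned into a response audit. This is an added example, not code from the original page: auditResponse and mimeEssence are hypothetical names, the sample responses are constructed, and the JavaScript MIME type list is taken from the WHATWG MIME Sniffing standard because the page does not enumerate it.

```javascript
// JavaScript MIME type essences, as listed in the WHATWG MIME Sniffing standard.
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript", "application/x-ecmascript",
  "application/x-javascript", "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Reduce a Content-Type value to its lowercased "type/subtype", or null if unusable.
function mimeEssence(contentType) {
  if (typeof contentType !== "string") return null;
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(essence) ? essence : null;
}

// Hypothetical audit helper: destination is "script", "style", or anything else;
// headers is a plain object of response header names to values.
function auditResponse(destination, headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);
  // As in the Fetch standard, only the first comma-separated value counts,
  // compared case-insensitively.
  const first = (h["x-content-type-options"] || "").split(",")[0].trim().toLowerCase();
  const nosniff = first === "nosniff";
  const essence = mimeEssence(h["content-type"]);
  let mimeOk = true; // other destinations are not covered by the two rules
  if (destination === "script") mimeOk = essence !== null && JS_MIME_TYPES.has(essence);
  else if (destination === "style") mimeOk = essence === "text/css";
  const findings = [];
  if (!nosniff) findings.push("X-Content-Type-Options: nosniff is not set");
  if (!mimeOk) findings.push(`Content-Type "${essence}" is not valid for ${destination}`);
  return { blocked: nosniff && !mimeOk, findings };
}

// Constructed sample responses (not captured from a real site).
const samples = [
  ["script", { "Content-Type": "text/javascript; charset=utf-8", "X-Content-Type-Options": "nosniff" }],
  ["script", { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" }],
  ["script", { "Content-Type": "text/plain" }],
  ["style", { "content-type": "text/html", "x-content-type-options": "NoSniff" }],
];
for (const [dest, headers] of samples) {
  console.log(dest, JSON.stringify(auditResponse(dest, headers)));
}
```

The third sample is the case to look for in an audit: the MIME type is wrong and nothing tells the browser to refuse it, so both findings are reported and blocked is false.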