Detectify
Knowledge Base

Content sniffing

Last Updated: Apr 21, 2017 08:11PM CEST

The website lacks content sniffing hardening techniques. In other words, this page does not have a header to prevent content sniffing.

This may expose the site to XSS attacks, because without the correct policy browsers will attempt to guess how to render specific resources. Internet Explorer is the only popular web browser affected by this.

What can happen?

The worst-case scenario has the very same impact as XSS; read more about that risk here.

Remediation

Add an X-Content-Type-Options header and set the value to nosniff. How this is done varies per framework and platform.
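
One framework-neutral way to apply and verify this remediation, as an added example that is not Detectify's own code: a Python WSGI middleware that sets the header on every response, plus a check that reads the value the way browsers do (case-insensitive, first comma-separated token only). The names NoSniffMiddleware, has_nosniff, response_headers and demo_app are hypothetical, and the demo app is constructed for illustration.

```python
HEADER = "X-Content-Type-Options"


def has_nosniff(headers):
    """True if a list of (name, value) headers carries an effective nosniff.

    Header names are case-insensitive. For a comma-separated value only
    the first token counts, so "none, nosniff" does not protect anything.
    """
    for name, value in headers:
        if name.lower() == HEADER.lower():
            return value.split(",")[0].strip().lower() == "nosniff"
    return False


class NoSniffMiddleware:
    """Wrap any WSGI app so every response carries exactly one nosniff header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop any existing (possibly wrong) value, then set the correct one.
            kept = [(n, v) for n, v in headers if n.lower() != HEADER.lower()]
            kept.append((HEADER, "nosniff"))
            return start_response(status, kept, exc_info)
        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed sample app: user-supplied markup served as text/plain,
    # with a misconfigured header value that browsers would ignore.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("x-content-type-options", "sniff")])
    return [b"<b>user upload</b>"]


def response_headers(app):
    """Call a WSGI app once and return the headers it sent."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured["headers"]
```

Wrapping the application object once (for example app = NoSniffMiddleware(app)) covers every route, including error pages and static files served through the same stack.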

Resources
