Content sniffing

The website does not apply any content sniffing hardening. In other words, this page is served without a header that prevents content sniffing.

This may open the site up to XSS attacks, because without the correct policy browsers will attempt to guess how to render specific resources. Internet Explorer is the only popular web browser affected by this.

What can happen?

In the worst case, the impact is the very same as XSS; read more about that risk here.

Remediation

Add an X-Content-Type-Options header and set the value to nosniff. How this is done varies per framework and platform.
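
One platform-neutral way to apply this in a Python WSGI stack, together with an audit check for the missing header. This is an added example, not code from the original page; NoSniffMiddleware, is_hardened, demo_app and call_app are illustrative names, and the sample app is constructed.

```python
# Added example: enforce and audit X-Content-Type-Options on a WSGI app.
from wsgiref.util import setup_testing_defaults

HEADER = "X-Content-Type-Options"

class NoSniffMiddleware:
    """Wrap any WSGI app so every response carries exactly one nosniff header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Header names are case-insensitive: drop any existing copy
            # (wrong value or duplicate) and set the single valid value.
            kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
            kept.append((HEADER, "nosniff"))
            return start_response(status, kept, exc_info)
        return self.app(environ, patched_start)

def is_hardened(headers):
    """Audit check: True only if the header appears once with value nosniff."""
    values = [v.strip().lower() for k, v in headers if k.lower() == HEADER.lower()]
    return values == ["nosniff"]

def demo_app(environ, start_response):
    # Constructed sample app that omits the header, as in the finding above.
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [b"plain text body"]

def call_app(app):
    """Invoke a WSGI app in-process and return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    environ = {}
    setup_testing_defaults(environ)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    for name, app in (("bare", demo_app), ("wrapped", NoSniffMiddleware(demo_app))):
        status, headers, _ = call_app(app)
        print(name, status, "hardened" if is_hardened(headers) else "MISSING nosniff")
```

The same is_hardened check can be run over header lists captured from real responses to confirm the fix after deployment.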

Resources