X-Content-Type-Options Header Missing
问题 I am developing a web application in angularjs5. The security team is testing our application and raised the bug. Description: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ' nosniff '. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will