User:Apking/Web Security Guidelines: Difference between revisions

indentation
(Almost there)
(indentation)
Line 325: Line 325:




== X-Content-Type-Options ==
= X-Content-Type-Options =


<tt>X-Content-Type-Options</tt> is a header supported by Internet Explorer and Chrome that tells it not to load scripts and stylesheets unless the server indicates the correct MIME type. Without this header, these browsers can incorrectly detect files as scripts and stylesheets, leading to XSS attacks. As such, all sites must set the <tt>X-Content-Type-Options</tt> header and set the appropriate MIME types for files that they serve.
<tt>X-Content-Type-Options</tt> is a header supported by Internet Explorer and Chrome that tells it not to load scripts and stylesheets unless the server indicates the correct MIME type. Without this header, these browsers can incorrectly detect files as scripts and stylesheets, leading to XSS attacks. As such, all sites must set the <tt>X-Content-Type-Options</tt> header and set the appropriate MIME types for files that they serve.
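Review bot: The paragraph under the changed heading requires every site to set the header but never states the value to send. The only defined value is nosniff, so the requirement should spell out "X-Content-Type-Options: nosniff" next to the instruction to serve correct MIME types. In the same sentence, "tells it" refers to two browsers and should read "tells them". The heading line changes only in level ("==" versus "="), so confirm that the sibling sections of the guideline use the same level after this revision.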