Missing Content Type HTTP header

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

This publicly exposed API endpoint does not implement the Content-Type and X-Content-Type-Options HTTP headers. These headers declare the resource’s media type, preventing browsers from performing MIME type sniffing. Without the headers, browsers may interpret the content in unexpected ways.

Remediation

  • Implement the Content-Type HTTP header with the appropriate value.

    Example header value:

    Content-Type: application/json; charset=utf-8

  • Add the X-Content-Type-Options header with the “nosniff” value to prevent MIME type sniffing.

    Example header value:

    X-Content-Type-Options: nosniff