Open JennaySDavis opened 5 months ago
I believe this vulnerability is a false positive based on the documentation provided by cloud.gov. The recommended remedy, adding the X-Content-Type-Options header with a value of "nosniff" to inform the browser to trust that what the site has sent is the appropriate content-type and to not attempt "sniffing" the real content-type, is being done by cloud.gov. Verified that the value is set within the response headers.
Cloud.gov documentation https://cloud.gov/docs/management/headers/
Ticket has been entered on 7/16/2024 to remove from future scan reports.
Ticket has been updated to 'In Progress' status.
Invicti Enterprise detected a missing X-Content-Type-Options header, which means that this website could be at risk of MIME-sniffing attacks.
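
An added example, not part of the original issue or of cloud.gov's tooling: one way to back a false-positive claim like this is to classify the header on every response captured for the scanned URLs, rather than on a single page. The URLs and captured headers below are constructed samples, and the first-token rule follows the Fetch standard's handling of this header.

```python
"""Triage a 'missing X-Content-Type-Options' scanner finding from captured response headers."""

def header_values(raw_head, name):
    """Return every value of header `name` from a raw HTTP response head, in order."""
    values = []
    for line in raw_head.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():  # header names are case-insensitive
            values.append(value.strip())
    return values

def classify_nosniff(raw_head):
    """Return 'ok', 'missing' or 'invalid' for the response's nosniff posture."""
    values = header_values(raw_head, "X-Content-Type-Options")
    if not values:
        return "missing"
    # Repeated headers combine into one comma-separated list; browsers that
    # follow the Fetch standard honour only the first token.
    tokens = [t.strip() for t in ",".join(values).split(",")]
    return "ok" if tokens[0].lower() == "nosniff" else "invalid"

def triage(captures):
    """Map each captured URL to its verdict; any non-'ok' entry keeps the finding open."""
    return {url: classify_nosniff(head) for url, head in captures.items()}

# Constructed sample captures (hypothetical URLs, not taken from the issue).
SAMPLES = {
    "https://app.example.gov/":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-content-type-options: NoSniff\r\n\r\n",
    "https://app.example.gov/old":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: /new\r\n\r\n",
    "https://app.example.gov/api":
        "HTTP/1.1 200 OK\r\nX-Content-Type-Options: none, nosniff\r\n\r\n",
    "https://app.example.gov/dup":
        "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nX-Content-Type-Options: nosniff\r\n\r\n",
}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:8} {url}")
```

A header that is present but whose first token is not "nosniff" is reported as "invalid" rather than "ok", since a presence-only check would pass it.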