sullo
commented
8 months ago What version are you running?
Using the latest I do not get that output against cirt.net and the header is set. Can you try there also? If not if you can send me your site I can take a look.
Thanks
On Wed, Jan 17, 2024 at 9:11 AM Jean-Claude Vignoli < @.***> wrote:
Output of suspected false positive / negative
Nikto reports that
Description /otb6DXxr.php#: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
although I set up that very header in .htaccess. If I curl -I (mywebsite/otb6DXxr.php#) I get the proper "x-content-type-options: nosniff" header.
I can provide my website URL for further tests, but it's probably a bug affecting all websites.
— Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/821, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALICRHHQQ3R5KTYFNEVFZLYO7LZ7AVCNFSM6AAAAABB6TQHAKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA4DMMRXHA3TCOI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
--
jcvignoli
Output of suspected false positive / negative
Nikto reports that
Description /otb6DXxr.php#: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.although I set up that very header in .htaccess. If I
curl -I (mywebsite/otb6DXxr.php#)I get the proper "x-content-type-options: nosniff" header.I can provide my website URL for further tests, but it's probably a bug affecting all websites.