rspec/rules/S5734/recommended.adoc

== Recommended Secure Coding Practices

Implement https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options[X-Content-Type-Options] header with _nosniff_ value (the only existing value for this header) which is supported by all modern browsers and will prevent browsers from performing MIME type sniffing, so that in case of Content-Type header mismatch, the resource is not interpreted. For example within a <script> object context, JavaScript MIME types are expected (like _application/javascript_) in the Content-Type header.
	`== Recommended Secure Coding Practices`

	Implement https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options[X-Content-Type-Options] header with _nosniff_ value (the only existing value for this header) which is supported by all modern browsers and will prevent browsers from performing MIME type sniffing, so that in case of Content-Type header mismatch, the resource is not interpreted. For example within a <script> object context, JavaScript MIME types are expected (like _application/javascript_) in the Content-Type header.