問題:
I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message:我正在使用 OWASP ZAP 在我的本地主機上進行一些滲透測試,它不斷報告此消息:
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff' Anti-MIME-Sniffing 標頭 X-Content-Type-Options 未設置爲“nosniff”
This check is specific to Internet Explorer 8 and Google Chrome.此檢查特定於 Internet Explorer 8 和 Google Chrome。 Ensure each page sets a Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown如果 Content-Type 標頭未知,請確保每個頁面都設置一個 Content-Type 標頭和 X-CONTENT-TYPE-OPTIONS
I have no idea what this means, and I couldn't find anything online.我不知道這是什麼意思,我在網上找不到任何東西。 I have tried adding:我試過添加:
<meta content="text/html; charset=UTF-8; X-Content-Type-Options=nosniff" http-equiv="Content-Type" />
but the I still get the alert.但我仍然收到警報。
What is the correct way of setting the parameter?設置參數的正確方法是什麼?
解決方案:
參考一: https://stackoom.com/question/1EwSE參考二: What is “X-Content-Type-Options=nosniff”?