2021-07-02 14:10:29 +00:00
|
|
|
id: missing-x-content-type-options
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: X-Content-Type-Options unidentified
|
|
|
|
author: G4L1T0 and @convisoappsec
|
|
|
|
severity: info
|
|
|
|
description: Check for X-Content-Type-Options header
|
2021-08-11 08:00:36 +00:00
|
|
|
tags: misc,generic
|
2021-07-02 14:10:29 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}'
|
|
|
|
redirects: true
|
|
|
|
matchers:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- '!contains(tolower(all_headers), ''x-content-type-options'')'
|