Description
For every response containing a message body, the Admin UI should include a single Content-type header that correctly and unambiguously states the MIME type of the content in the response body. Additionally, the response header "X-Content-Type-Options: nosniff" should be returned in all responses to reduce the likelihood that browsers will interpret content in a way that disregards the explicit Content-type header. |