Description
As per Security best practices, Zeppelin server should have an option to include "X-Content-Type-Options: nosniff" header in HTTP response.
Presence of this header prevents MIME type sniffing attack on web server. Additional info can be found at Mozilla HTTP Header doc
Attachments
Issue Links
- links to