Issue: Missing "X-Content-Type-Options" header

Description:

The server uses the X-Content-Type-Options response HTTP header to prevent browsers from guessing the media type (MIME type). This is known as MIME sniffing, in which the browser guesses the correct MIME type by looking at the contents of the resource. The absence of this header might cause browsers to transform non-executable content into executable content.

Remediation:

This issue can be mitigated in ZIETrans applications by setting "X-Content-Type-Options".

Refer to below link for more information about Enabling X-Content-Type-Options :

Enable XSS Protection