Goal
- Reduce the risk of downloading dangerous hidden content.
Implementation
Configure the server to address for each resource (text, image, script, etc.) the ContentType header filled with the appropriate MIME type, for example:
- text/html;
- application/pdf.
Control
Using an HTTP headers inspection tool, check that the ContentType has the value corresponding to the type of resource.
Discover Opquast training and certification
The objective of these rules and the Opquast community mission is ‘making the web better’ for your customers and for everyone! Opquast rules cover the key major areas of risk that can negatively affect website users such as privacy, ecodesign, accessibility and security.
Opquast training has already allowed over 19,000 web professionals to have their skills certified. Train your teams, contact us
We offer a 1 hour free discovery module.