How does MIME-sniffing enable a drive-by download attack?
A frequent recommendation for hardening web app response headers is "X-Content-Type-Options: nosniff", with the reasoning that preventing MIME-sniffing reduces exposure to drive-by download attacks.
Can anyone explain the reasonin…