Is mime-sniffing still something to protect against with modern browsers (with X-Content-Type-Options)?

I have read about X-Content-Type-Options and it is often said that it protects against IE MIME sniffing problems.
I am wondering if in 2021 it is still valid and a problem for modern browsers? In other words, will it be beneficial for my web …

How risky is it if a server allows client JavaScript access to, say, an access token in a header?

After being authenticated by Google, a client browser attaches the idToken from Google to an application API server. Assuming google-auth-library auto-refreshes an expired token, it now needs to send it back in a header to the client browser so new requ…