5 Matching Annotations
- May 2023
-
Tags
- csp
- sri
- http:header=strict-transport-security
- http:header=x-content-type-options
- http
- http:header=referrer-policy
- wikipedia:en=Session_hijacking
- wikipedia:en=Man-in-the-middle_attack
- security
- http:header=content-security-policy
- wikipedia:en=Data_breach
- wikipedia:en=Cross-site_request_forgery
- wikipedia:en=Clickjacking
- hsts
- http:header=x-frame-options
Annotators
URL
-
- Mar 2021
-
stackoverflow.com stackoverflow.com
-
github.blog github.blog
-
We added the X-Content-Type-Options: nosniff header to our raw URL responses way back in 2011 as a first step in combating hotlinking. This has the effect of forcing the browser to treat content in accordance with the Content-Type header. That means that when we set Content-Type: text/plain for raw views of files, the browser will refuse to treat that file as JavaScript or CSS.
-
-
developer.mozilla.org developer.mozilla.org
- Oct 2019
-
raw.githack.com raw.githack.com
-
When you request a file from raw.githubusercontent.com, gist.githubusercontent.com, bitbucket.org or gitlab.com, they are usually served (in the case of JavaScript, HTML, CSS, and some other file types) with a Content-Type of text/plain. As a result, most modern browsers won't actually interpret it as JavaScript, HTML, or CSS.
-