
I'm doing penetration testing for a project, and I'm using ZAP. It keeps telling me to set these so I do, but ZAP keeps giving me the same warnings for it.

I used this at the start of the php tag:

header('X-Content-Type-Options: nosniff');
header('X-Frame-Options=SAMEORIGIN');

and this at the start of an html file:

X-Content-Type-Options: nosniff
X-Frame-Options=SAMEORIGIN

Can anyone tell me why this isn't working? It worked fine the last time I did this.

  • show the warning text – RomanPerekhrest Dec 08 '15 at 21:00
  • The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing. This is what it gives me for the one, the other is essentially the same thing but for the other option. – Rwarfield Dec 08 '15 at 21:03
  • You put THAT in an HTML file? – Praveen Kumar Purushothaman Dec 08 '15 at 21:03
  • @PraveenKumar Yes, it worked on my last project when I had to address these warnings. This time it isn't, I did it the same way. – Rwarfield Dec 08 '15 at 21:05
  • Man, man... What's ZAP first? – Praveen Kumar Purushothaman Dec 08 '15 at 21:07
  • @PraveenKumar It's a tool that my school makes me use to do security testing on my websites. It's called OWASP ZAP. – Rwarfield Dec 08 '15 at 21:09
  • looks like it's a duplicate of http://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff – RomanPerekhrest Dec 08 '15 at 21:22
  • @RomanPerekhrest I tried doing what that page suggested, but I still get the error. I think I might be putting it in the wrong spot? I put it at the start of the file. – Rwarfield Dec 08 '15 at 21:29
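Added example (not from the question, and not ZAP's own code): a small Python checker that applies the two rules ZAP's warning describes to a raw HTTP response, run over three constructed responses. It makes visible the two things that go wrong in the setup described above: `header('X-Frame-Options=SAMEORIGIN')` has no colon, so the line is not a valid `Name: value` header field at all (the correct call is `header('X-Frame-Options: SAMEORIGIN');`), and text placed at the top of an .html file is part of the response body, which no scanner treats as a header. The sample responses, the function names and the wording of the findings are my own assumptions, not ZAP output.

```python
"""Check an HTTP response the way a passive scanner such as ZAP does.

The anti-sniffing and anti-framing headers must appear in the HTTP
response *header block*, not in the body of an .html file, and every
header line needs a colon between its name and its value.
Everything below is an added, self-contained example with constructed
sample responses; it is not ZAP's code and not the question's code.
"""

from typing import Dict, List, Tuple

# Header name (lowercase) -> acceptable values (lowercase), matching the
# two warnings quoted in the question.
REQUIRED = {
    "x-content-type-options": {"nosniff"},
    "x-frame-options": {"deny", "sameorigin"},
}


def parse_response(raw: bytes) -> Tuple[str, Dict[str, List[str]], List[str], bytes]:
    """Split a raw HTTP/1.x response into status line, header map,
    malformed header lines and body.

    Header names are lowercased. A line in the header block that has no
    colon is not a header field; it is collected in `malformed` instead
    of being silently dropped, which is what a server or client does.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers: Dict[str, List[str]] = {}
    malformed: List[str] = []
    for line in lines[1:]:
        if not line:
            continue
        name, colon, value = line.partition(":")
        if not colon:
            malformed.append(line)
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, malformed, body


def audit_security_headers(raw: bytes) -> List[str]:
    """Return the findings for one response; an empty list means both
    headers ZAP complained about are present with an acceptable value."""
    _, headers, malformed, _ = parse_response(raw)
    findings: List[str] = []
    for line in malformed:
        findings.append(f"malformed header line (no colon): {line!r}")
    for name, allowed in REQUIRED.items():
        values = headers.get(name)
        if not values:
            findings.append(f"{name} header missing")
        elif len(values) > 1 or values[0].lower() not in allowed:
            findings.append(f"{name} has unexpected value(s): {values}")
    return findings


def hardened_response(body: bytes, content_type: str = "text/html; charset=utf-8") -> bytes:
    """Build a response with both headers in the correct 'Name: value' form."""
    lines = [
        "HTTP/1.1 200 OK",
        f"Content-Type: {content_type}",
        f"Content-Length: {len(body)}",
        "X-Content-Type-Options: nosniff",
        "X-Frame-Options: SAMEORIGIN",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("latin-1") + body


# Constructed sample 1: roughly what the question's PHP emits. The first
# header() call is fine; the second uses '=' instead of ': ', so the
# resulting line is not a header field.
PHP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options=SAMEORIGIN\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Constructed sample 2: a static .html file whose first lines are the
# header text. The web server sends the whole file as the body, so
# nothing reaches the header block.
STATIC_HTML_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options=SAMEORIGIN\r\n"
    b"<html><body>hello</body></html>"
)


if __name__ == "__main__":
    samples = [
        ("PHP page", PHP_RESPONSE),
        ("static .html", STATIC_HTML_RESPONSE),
        ("hardened", hardened_response(b"<html><body>hello</body></html>")),
    ]
    for label, resp in samples:
        print(f"{label}: {audit_security_headers(resp) or 'OK'}")
```

Two practical checks follow from this. PHP's header() only takes effect if it runs before any output, so a stray byte before `<?php` gives a "headers already sent" warning and the header is never added. And files the web server serves directly, such as a static .html page, never pass through PHP at all, so for those the headers have to come from the server configuration (for example Apache mod_headers `Header always set X-Frame-Options "SAMEORIGIN"` or nginx `add_header X-Frame-Options SAMEORIGIN always;`). `curl -s -D - -o /dev/null http://host/page` dumps exactly the header block a scanner sees.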

0 Answers