Set X-Content-Type-Options in ASP.net Core

X-Content-Type-Options is a header that tells a browser to not try and “guess” what a mimetype of a resource might be, and to just take what mimetype the server has returned as fact. At first this header seems kinda pointless, but it’s one of the simplest ways to block attack vectors that use javascript. For … Continue reading Set X-Content-Type-Options in ASP.net Core