MIME sniffing is the browser's behaviour of determining a resource's content type on its own (even if the
Content-Type header is present).
The simplest example involves a client sending an
Two steps to follow for the mitigation:
Include a valid
X-Content-Type-Options with the directive
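The following is an added example, not code from the original page: a small audit of a raw HTTP response for the two mitigation steps listed above. It assumes `nosniff` as the X-Content-Type-Options directive (the value defined in the Fetch standard); the function names and the sample responses are constructed for illustration.

```python
import re

# RFC 7230 "token" characters, used to check the type/subtype syntax.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_MEDIA_TYPE = re.compile(rf"{_TOKEN}/{_TOKEN}")

# Constructed sample responses (not captured traffic).
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n<p>hi</p>")
WEAK = "HTTP/1.1 200 OK\r\nContent-Type: html\r\n\r\nX-Content-Type-Options: nosniff"


def parse_headers(raw):
    """Collect header values by lower-cased name, keeping repeats in order."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line: the body starts here
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_sniffing(raw):
    """Return findings for the two steps; an empty list means both are in place."""
    headers = parse_headers(raw)
    findings = []

    ctype = headers.get("content-type", [])
    if not ctype:
        findings.append("missing Content-Type")
    elif len(ctype) > 1:
        findings.append("duplicate Content-Type")
    elif not _MEDIA_TYPE.fullmatch(ctype[0].split(";", 1)[0].strip()):
        findings.append("invalid Content-Type")   # e.g. "html" has no subtype

    # Repeated headers are joined and split on commas; only the first value
    # is compared (case-insensitively), as the Fetch standard describes.
    joined = ",".join(headers.get("x-content-type-options", []))
    if joined.split(",")[0].strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_sniffing(raw) or "ok")
```

In `WEAK` the nosniff line sits after the blank line, so it is body text rather than a header and the audit reports both problems.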