Security Audit Report
App Router: 6 Routes, 0 Query Params, 1 Custom Headers
The X-Content-Type-Options header is not set
The X-Content-Type-Options header is not set. This header prevents MIME-sniffing attacks by instructing browsers to respect the declared Content-Type. Modern browsers have largely mitigated MIME-sniffing risks.
Location
https://sketch2scheme.com
Remediation
Add an X-Content-Type-Options header in next.config.js:
// next.config.js
module.exports = {
  // Send X-Content-Type-Options: nosniff on every route
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          { key: 'X-Content-Type-Options', value: 'nosniff' },
        ],
      },
    ]
  },
}