Security Audit Report
Pages Router
Routes: 81
Query Params: 0
Custom Headers: 2
The X-Content-Type-Options header is not set
The X-Content-Type-Options header is not set. This header prevents MIME-sniffing attacks by instructing browsers to respect the declared Content-Type. Modern browsers have largely mitigated MIME-sniffing risks.
Location
https://tally.so
Remediation
Add an X-Content-Type-Options header in next.config.js:
// next.config.js
module.exports = {
  // Send X-Content-Type-Options: nosniff on every route
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          { key: 'X-Content-Type-Options', value: 'nosniff' },
        ],
      },
    ]
  },
}