X-Content-Type-Options stops browsers from trying to guess a file's type based on its content instead of trusting the Content-Type header your server sent — that guessing ('MIME sniffing') is how attackers get a browser to execute a file uploaded as an image as if it were a script.
MIME sniffing lets browsers guess file types and execute malicious files as scripts. This header disables that behaviour entirely.
The response header X-Content-Type-Options: nosniff appears on every page.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →