"Web Server Misconfiguration: Insecure Content-Type Setting" vulnerability detected after version upgrade

After I upgraded the Elastic Stack to 8.6.0 and carried out a vulnerability scan on Kibana using the Micro Focus tool, there were vulnerabilities as follows:

I have made changes to the Kibana configuration, namely changing

server.securityResponseHeaders.xContentTypeOptions: "nosniff"

but that does not solve the problem; this vulnerability is still detected in the next scan.

Please suggest a solution to rectify this.

Hey @Septianingrum.17 !

"nosniff" is the default value for that setting.

Can you provide more info about which endpoint you're running against?
