Audit for preventing mismatched mime types (x-nosniff)
Provide the steps to reproduce
- Run LH on https://developers.google.com/speed/pagespeed/insights
- Audit a page which sets Content-Type: image/webp on jpg and/or png images
What is the current behavior?
- Page passes the "Serve images in next-gen formats" test even though it doesn't serve images in next-gen formats
- Pages which deliver jpg and png images with Content-Type: image/webp get better results
What is the expected behavior?
- Audit detects that jpg or png images with Content-Type: image/webp are not next-gen formats (e.g. check if the file extension of those images is webp)
- Consider adding penalty points in ranking for pages which deliver no next-gen images but cheat by delivering images with a wrong Content-Type
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (4 by maintainers)
Top GitHub Comments
We've decided this is best solved by an audit that flags requests without x-nosniff. If anyone would like to write this complete audit proposal, be our guest 😃

1 and 2 are the options I prefer 😃
I would be against 3 for the same reason we filter out other explicit actions against our advice. If you've taken the time to move to WebP and you wanted a quality setting higher than our threshold, just go for it, we shouldn't bother.
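
A sketch of the kind of audit discussed in this thread, added here as an example and not taken from Lighthouse or from the issue: it flags image responses that lack the nosniff directive and also compares the declared Content-Type with the file signature. It assumes "x-nosniff" means the X-Content-Type-Options: nosniff response header; the record shape (url, headers, body), the function names and the finding labels are hypothetical, and the sample records are constructed.

```javascript
// Added example (not Lighthouse code). Record shape and finding names are hypothetical.
// File signatures for the three formats the issue talks about.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const SIGNATURES = [
  { type: 'image/jpeg', match: b => b[0] === 0xff && b[1] === 0xd8 && b[2] === 0xff },
  { type: 'image/png', match: b => b.subarray(0, 8).equals(PNG_MAGIC) },
  { type: 'image/webp', match: b => b.length >= 12 &&
      b.toString('latin1', 0, 4) === 'RIFF' && b.toString('latin1', 8, 12) === 'WEBP' },
];

// Returns the MIME type implied by the leading bytes, or null if unrecognised.
function sniffImageType(bytes) {
  const hit = SIGNATURES.find(s => s.match(bytes));
  return hit ? hit.type : null;
}

// Case-insensitive header lookup; returns '' when the header is absent.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key ? String(headers[key]) : '';
}

// Audits one response: nosniff present? declared type equal to the real one?
function auditImageResponse(record) {
  const declared = header(record.headers, 'content-type').split(';')[0].trim().toLowerCase();
  const actual = sniffImageType(record.body);
  const nosniff = header(record.headers, 'x-content-type-options').trim().toLowerCase() === 'nosniff';
  const findings = [];
  if (!nosniff) findings.push('missing-nosniff');
  if (actual && declared !== actual) findings.push('type-mismatch');
  return { url: record.url, declared, actual, findings };
}

// Keeps only the responses that have at least one finding.
function runAudit(records) {
  return records.map(auditImageResponse).filter(r => r.findings.length > 0);
}

// Constructed sample input: a JPEG labelled as WebP, and a correctly served WebP.
const SAMPLE_RECORDS = [
  { url: 'https://example.test/photo.jpg', headers: { 'Content-Type': 'image/webp' },
    body: Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]) },
  { url: 'https://example.test/logo.webp',
    headers: { 'content-type': 'image/webp', 'X-Content-Type-Options': 'nosniff' },
    body: Buffer.concat([Buffer.from('RIFF'), Buffer.alloc(4), Buffer.from('WEBP')]) },
];

console.log(JSON.stringify(runAudit(SAMPLE_RECORDS), null, 2));
```

Checking the signature rather than the file extension also catches a mislabelled image whose URL has been renamed to end in .webp.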