Created attachment 918445
revok detailed report
If a MIME type mismatch is found and the nosniff header is missing, it increases the chances of exposure to XSS attacks. Some browsers will automatically switch to using an interpreter for the real content type. This increases exposure to XSS attacks.
To mitigate the chance of exposure, define the response header X-Content-Type-Options: nosniff or make sure no MIME type mismatch exists.
For details, see the revok report in the attachment.
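
The check described in the report above, as an added example that is not part of the original report or of revok's output: it flags a response whose declared Content-Type disagrees with markup-looking body content while `X-Content-Type-Options: nosniff` is absent. The function names, the verdict strings and the simplified markup heuristic are assumptions made for illustration; real browser sniffing rules are more detailed.

```python
import re

# Assumed, simplified heuristic: the body starts like HTML/script markup.
_MARKUP = re.compile(
    rb"^\s*(?:<!doctype html|<html|<head|<body|<script|<iframe|<svg)", re.I
)
# Media types for which markup in the body is expected, not a mismatch.
_MARKUP_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}


def media_type(headers):
    """Lowercased media type without parameters, or '' if the header is absent."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()


def has_nosniff(headers):
    """True only for the exact directive 'nosniff' (case-insensitive)."""
    return headers.get("x-content-type-options", "").strip().lower() == "nosniff"


def audit(headers, body):
    """Classify one response: at-risk, mismatch-mitigated, missing-nosniff or ok."""
    headers = {k.lower(): v for k, v in headers.items()}
    mismatch = (
        bool(_MARKUP.match(body[:512])) and media_type(headers) not in _MARKUP_TYPES
    )
    nosniff = has_nosniff(headers)
    if mismatch and not nosniff:
        return "at-risk"             # both conditions from the report are present
    if mismatch:
        return "mismatch-mitigated"  # header stops sniffing, the type is still wrong
    if not nosniff:
        return "missing-nosniff"     # no mismatch seen, but no protection either
    return "ok"


# Constructed sample responses (not taken from the attached report).
SAMPLES = [
    ({"Content-Type": "text/plain"}, b"<script>/* sample */</script>"),
    ({"Content-Type": "image/png", "X-Content-Type-Options": "nosniff"},
     b"<html><body>sample</body></html>"),
    ({"Content-Type": "text/html; charset=utf-8"}, b"<!DOCTYPE html><html></html>"),
    ({"Content-Type": "application/json", "X-Content-Type-Options": "nosniff"},
     b'{"a": 1}'),
]

if __name__ == "__main__":
    for hdrs, data in SAMPLES:
        print(audit(hdrs, data), hdrs)
```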