I'm doing penetration testing for a project, and I'm using ZAP. It keeps telling me to set these so I do, but ZAP keeps giving me the same warnings for it.
I used this at the start of the php tag:
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options=SAMEORIGIN');
and this at the start of an html file:
X-Content-Type-Options: nosniff
X-Frame-Options=SAMEORIGIN
Can anyone tell me why this isnt working? It worked fine the last time I did this.