Always set content-type & nosniff

pkg/controller/garbagecollector/dump.go

@@ -273,6 +273,8 @@ func (h *debugHTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+	w.Header().Set("Content-Type", "text/vnd.graphviz")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Write(data)
 	w.WriteHeader(http.StatusOK)
 }

pkg/proxy/healthcheck/healthcheck.go

@@ -210,6 +210,7 @@ func (h hcHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 	h.hcs.lock.RUnlock()
 
 	resp.Header().Set("Content-Type", "application/json")
+	resp.Header().Set("X-Content-Type-Options", "nosniff")
 	if count == 0 {
 		resp.WriteHeader(http.StatusServiceUnavailable)
 	} else {
@@ -338,6 +339,7 @@ func (h healthzHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 	currentTime := h.hs.clock.Now()
 
 	resp.Header().Set("Content-Type", "application/json")
+	resp.Header().Set("X-Content-Type-Options", "nosniff")
 	if !lastUpdated.IsZero() && currentTime.After(lastUpdated.Add(h.hs.healthTimeout)) {
 		resp.WriteHeader(http.StatusServiceUnavailable)
 	} else {

pkg/util/configz/configz.go

@@ -118,6 +118,7 @@ func write(w http.ResponseWriter) error {
 		return fmt.Errorf("error marshaling json: %v", err)
 	}
 	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	_, err = w.Write(b)
 	return err
 }