"X-content-type-options" header missing from Reverse API response

[dsantos747]

I have noticed an possible issue with using the Nominatim API, specifically the "reverse" endpoint.
After making a call to the API endpoint using the fetchAPI, developer tools is indicating to me that the response is missing the "x-content-type-options" header. Is there a specific reason for this? I thought it was a pretty much mandatory security header in all requests/responses (forgive me if I am wrong about this).

I am using the latest version of the Python API (https://nominatim.openstreetmap.org/reverse?lat=&lon=&). My app is under local development, but I am making the request using the Fetch API, and am using Microsoft Edge Developer Tools

[mtmail]

The API doesn't serve any executable MIME types (e.g. javascript) so the security treat that a browser accidentially upgrades a non-executable as execuatable isn't given I think. I assume your Microsoft Edge Developer Tools only prints a notification or warning but the fetch request still works?

https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md#determining-whether-a-response-is-corb_protected

[dsantos747]

Ah, thank you for clarifying that for me! Edge dev tools marks this as an "Error", but you are right in that the fetch request is successful.
Sorry if that was a silly question - but thanks for helping me understand :)