11.6 HTTP headers in Requests and Responses contain only printable ASCII

Verify that all API responses contain X-Content-Type-Options: nosniff and Content-Disposition: attachment; filename="api.json" (or other appropriate filename for the content type).

Levels: 1, 2, 3
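
One way to automate this check over a captured API response, as an added example that is not part of the original checklist. The function name `check_api_response_headers` is hypothetical, the sample headers in the usage are constructed, and treating every repeated X-Content-Type-Options value as required to be nosniff is an assumption of this sketch.

```python
from email.message import Message


def printable_ascii(text):
    # Visible ASCII plus space (0x20-0x7E); rejects CR, LF, NUL, tabs and non-ASCII.
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def check_api_response_headers(headers):
    """Return a list of findings for one response; an empty list means pass.

    `headers` is a list of (name, value) pairs exactly as received.
    """
    findings = []
    seen = {}
    for name, value in headers:
        if not printable_ascii(name) or not printable_ascii(value):
            findings.append(f"non-printable or non-ASCII character in header {name!r}")
        # Header names are case-insensitive, so index them lowercased.
        seen.setdefault(name.lower(), []).append(value.strip())

    # Assumption: if the header is repeated, every copy must say nosniff.
    xcto = seen.get("x-content-type-options", [])
    if not xcto or any(v.lower() != "nosniff" for v in xcto):
        findings.append("X-Content-Type-Options: nosniff is missing or has another value")

    dispositions = seen.get("content-disposition", [])
    if len(dispositions) != 1:
        findings.append("Content-Disposition must be present exactly once")
    else:
        # Reuse the standard library's parameter parser for quoted filenames.
        msg = Message()
        msg["Content-Disposition"] = dispositions[0]
        if msg.get_content_disposition() != "attachment":
            findings.append("Content-Disposition type must be attachment")
        if not msg.get_filename():
            findings.append("Content-Disposition must carry a filename")
    return findings


if __name__ == "__main__":
    # Constructed sample response headers.
    sample = [
        ("Content-Type", "application/json"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Disposition", 'attachment; filename="api.json"'),
    ]
    print(check_api_response_headers(sample) or "pass")
```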