Merge remote-tracking branch 'origin/support/2.7' into support/3.0

# Conflicts:
#	application/ajaxwebpage.class.inc.php
#	application/csvpage.class.inc.php
#	application/itopwebpage.class.inc.php
#	application/webpage.class.inc.php
#	application/xmlpage.class.inc.php
#	datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php
#	pages/ajax.document.php
#	pages/ajax.render.php
#	sources/application/TwigBase/Controller/Controller.php
#	webservices/export-v2.php

sources/application/WebPage/WebPage.php

@@ -1002,12 +1002,25 @@ JS;
 		$this->a_headers[] = $s_header;
 	}
 
+	/**
+	 * @param string|null $sXFrameOptionsHeaderValue passed to {@see add_xframe_options}
+	 *
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation, replace {@see add_xframe_options} consumers call
+	 */
+	public function add_http_headers($sXFrameOptionsHeaderValue = null)
+	{
+		$this->add_xframe_options($sXFrameOptionsHeaderValue);
+		$this->add_xcontent_type_options();
+	}
+
 	/**
 	 * @param string|null $sHeaderValue for example `SAMESITE`. If null will set the header using the config parameter value.
 	 *
 	 * @since 2.7.3 3.0.0 N°3416
 	 * @uses security_header_xframe config parameter
 	 * @uses \utils::GetConfig()
+	 *
 	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
 	 */
 	public function add_xframe_options($sHeaderValue = null)
@@ -1019,6 +1032,17 @@ JS;
 		$this->add_header('X-Frame-Options: '.$sHeaderValue);
 	}
 
+	/**
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation
+	 *
+	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+	 */
+	public function add_xcontent_type_options()
+	{
+		$this->add_header('X-Content-Type-Options: nosniff');
+	}
+
 	/**
 	 * Add needed headers to the page so that it will no be cached
 	 */