To improve the security of your site (and your users) against some types of drive-by downloads, it is recommended that you add the following header to your site:
X-Content-Type-Options: nosniff
It is supported by Internet Explorer (IE) and Chrome and prevents them from MIME-sniffing a response away from the declared Content-Type.
This article from Microsoft explains it: Reducing MIME type security risks
Enabling this header
You can enable it by modifying your Apache settings or your .htaccess file and adding the following line to it:
Header set X-Content-Type-Options nosniff
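Once the header is deployed, it is worth checking that responses actually carry it in a form browsers honour. The audit below is an added example, not Sucuri's code; it works on constructed header sets rather than live responses, treats header names and the nosniff value case-insensitively (as browsers do), and flags a missing Content-Type, since nosniff can only pin a type that was declared.

```python
"""Audit HTTP response headers for the X-Content-Type-Options: nosniff hardening.

The header dictionaries below are constructed samples; in practice you would
feed in the headers your server returns (e.g. from an HTTP client library).
"""
from typing import Dict, List, Optional


def _get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def audit_nosniff(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the response is hardened."""
    findings: List[str] = []
    xcto = _get_header(headers, "X-Content-Type-Options")
    if xcto is None:
        findings.append("X-Content-Type-Options missing: browser may MIME-sniff the body")
    else:
        # Browsers take the first comma-separated value and compare it
        # ASCII-case-insensitively; anything other than 'nosniff' is ignored.
        first = xcto.split(",")[0].strip().lower()
        if first != "nosniff":
            findings.append(f"X-Content-Type-Options value {xcto!r} is not honoured; use 'nosniff'")
    ctype = _get_header(headers, "Content-Type")
    if ctype is None or not ctype.strip():
        # nosniff only pins the declared type; with none declared there is nothing to pin.
        findings.append("Content-Type missing: nosniff cannot enforce a declared type")
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "hardened": {"Content-Type": "text/html; charset=utf-8", "X-Content-Type-Options": "nosniff"},
    "lowercase_header": {"content-type": "application/javascript", "x-content-type-options": "NOSNIFF"},
    "missing": {"Content-Type": "text/html"},
    "typo": {"Content-Type": "text/html", "X-Content-Type-Options": "no-sniff"},
    "no_content_type": {"X-Content-Type-Options": "nosniff"},
}


def audit_all(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, List[str]]:
    """Run the audit over every sample and return findings keyed by sample name."""
    return {name: audit_nosniff(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```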
Sucuri customers
Note: this is enabled by default for all users.
You can enable it on your WAF (along with other security headers) by enabling “Additional Security Headers”.
If you have any questions, please contact our research team at research@sucuri.net.