In order to improve the security of your site (and your users) against some types of drive-by-downloads,
it is recommended that you add the following header to your site:
It is supported by IE (Internet Explorer) and Chrome and prevents them from MIME-sniffing a response from the declared content-type.
This article from Microsoft explains it: Reducing MIME type security risks
Enabling this header
You can enable it by modifying your Apache settings or your
.htaccess file, and adding the following line to it:
Header set X-Content-Type-Options nosniff
Note: this is enabled by default for all users.
You can enable it on your WAF (along with other security headers) by enabling “Additional Security Headers”.
If you have any questions, please contact our research team at firstname.lastname@example.org.