X-Content-Type-Options

Prevents MIME type sniffing attacks by forcing browsers to respect declared content types.

Purpose

Stops browsers from guessing (sniffing) a response's content type from its bytes instead of honouring the declared Content-Type; a sniffed type can cause a response that was never meant to be a script or a page to be interpreted as HTML or JavaScript, which leads to XSS.

Implementation

Set the header to nosniff, its only defined value:

```http
X-Content-Type-Options: nosniff
```

Examples

  • nosniff

Best Practices

  • Always set to nosniff
  • Ensure every response declares a correct Content-Type: with nosniff the browser enforces the declared type, so a wrong one breaks the resource instead of being silently corrected
  • Test file uploads and downloads, since user-supplied files are where sniffing is most likely to be triggered

Common Mistakes

  • Not setting the header
  • Incorrect Content-Type values
  • Missing header on API responses
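As an added example (not code from the original page), a small framework-agnostic WSGI middleware that attaches the header to every response, including API responses, plus an audit function that reports the three mistakes listed above. The demo app and its JSON endpoint are constructed for the example.

```python
"""Set and audit X-Content-Type-Options on WSGI responses (added example)."""
from typing import Iterable


def add_nosniff(app):
    """Wrap a WSGI app so every response (pages, JSON APIs, downloads) carries nosniff."""
    def wrapped(environ, start_response):
        def sr(status, headers, exc_info=None):
            # Drop any existing value so a wrong one cannot survive, then set nosniff.
            headers = [(k, v) for k, v in headers if k.lower() != "x-content-type-options"]
            headers.append(("X-Content-Type-Options", "nosniff"))
            return start_response(status, headers, exc_info)
        return app(environ, sr)
    return wrapped


def audit_headers(headers: Iterable[tuple[str, str]]) -> list[str]:
    """Return findings for a response's headers; an empty list means it passes.

    Checks: header missing, header set to something other than nosniff, and a
    missing or malformed Content-Type (nosniff only enforces a declared type).
    """
    h = {k.lower(): v.strip() for k, v in headers}
    findings = []
    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append("X-Content-Type-Options header not set")
    elif xcto.lower() != "nosniff":  # the value is matched ASCII case-insensitively
        findings.append(f"X-Content-Type-Options has invalid value {xcto!r}; only 'nosniff' is defined")
    ctype = h.get("content-type", "")
    if not ctype:
        findings.append("Content-Type missing: nosniff needs an explicit type to enforce")
    elif "/" not in ctype.split(";")[0]:
        findings.append(f"Content-Type {ctype!r} is not a valid media type")
    return findings


def _demo_app(environ, start_response):
    """Constructed sample app: an API endpoint that forgets the header."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']


def run_app(app, path="/api"):
    """Invoke a WSGI app offline and return (status, headers, body) for inspection."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body
```

Running `audit_headers` over the raw app's response reports the missing header; after wrapping with `add_nosniff` the same request passes with no findings.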
