HTTP headers | X-Content-Type-Options

The X-Content-Type-Options HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not changed. Microsoft introduced this header in Internet Explorer 8. It blocks content sniffing, which could otherwise turn a non-executable MIME type into an executable MIME type. Other browsers later introduced X-Content-Type-Options as well, and their MIME sniffing algorithms were less aggressive.

Syntax:

x-content-type-options: nosniff

Directives: The X-Content-Type-Options header accepts a single directive.

  • nosniff: It blocks a request if the request type is “style” and the MIME type is not text/css, or if the request type is “script” and the MIME type is not a JavaScript MIME type. It also enables cross-origin read blocking for the MIME types text/html, text/plain, text/json, application/json and any type with an XML extension.
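The blocking rule described above can be modelled in a few lines. This is an added example, not code from the original article; the function names and the sample response are constructed for illustration, and only the "style" and "script" request types named above are covered.

```javascript
// Added example: models the nosniff blocking rule for "style" and "script" requests.
// All function names and sample headers here are constructed for illustration.

// JavaScript MIME type essences recognised by browsers (WHATWG MIME Sniffing standard).
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript", "application/x-ecmascript",
  "application/x-javascript", "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Look up a header by lowercase name, case-insensitively; returns "" when absent.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? "" : String(headers[key]);
}

// Strip parameters such as "; charset=utf-8" and normalise case.
function mimeEssence(contentType) {
  return contentType.split(";")[0].trim().toLowerCase();
}

// Only the first comma-separated value of the header is considered.
function hasNosniff(headers) {
  const first = getHeader(headers, "x-content-type-options").split(",")[0];
  return first.trim().toLowerCase() === "nosniff";
}

// requestType: how the page loads the resource ("style", "script", "image", ...).
// Returns true when a browser honouring nosniff would refuse the response.
function blockedByNosniff(requestType, headers) {
  if (!hasNosniff(headers)) return false; // without the header, sniffing may apply
  const essence = mimeEssence(getHeader(headers, "content-type"));
  if (requestType === "style") return essence !== "text/css";
  if (requestType === "script") return !JS_MIME_TYPES.has(essence);
  return false; // other request types are outside this model
}

// Constructed sample: a file served as text/plain but referenced from <script src>.
const upload = { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" };
console.log(blockedByNosniff("script", upload));
```

Serving the same file without the header returns false from this model, which is the case where the browser is free to sniff the content.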

Example:

x-content-type-options: nosniff

To see X-Content-Type-Options in action, go to Inspect Element -> Network, select a request and check its headers for x-content-type-options.

Supported Browsers: The browsers compatible with x-content-type-options header are listed below:

  • Google Chrome
  • Internet Explorer
  • Firefox
  • Opera