Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

HTTP headers | X-Content-Type-Options

  • Last Updated : 14 Sep, 2021

The HTTP headers X-Content-Type-Options acts as a marker that indicates the MIME-types headers in the content types headers should not be changed to the server. This header was introduced in the Internet Explorer 8 of Microsoft. This header block the content sniffing (non-executable MIME type into executable MIME type). After that, all the other browsers also introduce the X-Content-Type-Options, and their MIME sniffing algorithms were less aggressive. 

Syntax:  

x-content-type-options: nosniff

Directives: There is a single directive accepted by X-Content-Type-Options header.  

  • nosniff: It blocks all request if there “style” MIME-type is not text/css and JavaScript MIME-type. Plus it enables the cross origin if there MIME-Type text/html, text/plain, text/jason, application/jason and any type of xml extension.

Example:  

x-content-type-options: nosniff

To check the X-Content-Type-Options in action go to Inspect Element -> Network check the request header for x-content-type-options like below. 

Supported Browsers: The browsers compatible with x-content-type-options header are listed below: 

  • Google Chrome
  • Internet Explorer
  • Firefox
  • Opera

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!