X-Content-Type-Options

The site prevents mime type sniffing.

Impact

(How ScanGov measures tasklist priorities.)

Why it's important

The X-Content-Type-Options header helps prevent browsers from interpreting files as a different MIME type than what is specified. This is a security measure that prevents certain types of attacks, such as MIME sniffing. Without this header, there is a risk that malicious content might be executed if a browser misinterprets the type of content being served.

User stories

Error

(ScanGov messaging when a site fails a standard)

Mime type sniffing is not prevented.

Guidance

OWASP Top 10

Indicator

Security