X-Content-Type-Options

The site prevents MIME type sniffing.

Indicators

Impact

(How ScanGov measures tasklist priorities.)

About

`X-Content-Type-Options` is a security header that:

  • Prevents browsers from MIME-sniffing.
  • Ensures content is rendered as declared (e.g., no misinterpretation of file types).
  • Stops browsers from guessing content types, enhancing security.

Why it's important

The header stops browsers from guessing file types, which helps prevent security risks by enforcing correct content handling.

Error

(ScanGov messaging when a site fails a standard)

Missing or wrong X-Content-Type-Options setting.
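
One way to tell a missing header from a wrong one, as an added example (not ScanGov's own check). It assumes the header's single valid value, `nosniff`, and the Fetch standard's rule that only the first comma-separated value counts; function names and sample headers are hypothetical and constructed.

```python
# Added example; names are hypothetical and the sample headers are constructed.

HEADER = "x-content-type-options"


def check_nosniff(headers):
    """Classify a response as 'pass', 'missing' or 'wrong'.

    `headers` is a list of (name, value) pairs, so repeated header lines
    are kept in the order they were sent.
    """
    # Header names are case-insensitive; collect every matching line.
    values = [v for n, v in headers if n.lower() == HEADER]
    if not values:
        return "missing", "header not sent"

    # Repeated lines combine with commas; split and trim HTTP whitespace.
    # (Simplified form of the Fetch standard's "get, decode, and split".)
    tokens = [t.strip(" \t") for t in ",".join(values).split(",")]

    # Only the first value counts, compared ASCII case-insensitively.
    first = tokens[0]
    if first.lower() != "nosniff":
        return "wrong", f"first value is {first!r}, expected 'nosniff'"
    if len(tokens) > 1:
        return "pass", f"nosniff, but extra values present: {tokens[1:]}"
    return "pass", "nosniff"


# Constructed sample responses.
SAMPLES = {
    "correct": [("Content-Type", "text/html"), ("X-Content-Type-Options", "nosniff")],
    "absent": [("Content-Type", "text/html")],
    "typo": [("x-content-type-options", "no-sniff")],
    "empty": [("X-Content-Type-Options", "")],
    "duplicated": [("X-Content-Type-Options", "nosniff"), ("X-Content-Type-Options", "nosniff")],
    "wrong-first": [("X-Content-Type-Options", "sniff, nosniff")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        status, detail = check_nosniff(hdrs)
        print(f"{name:12} {status:8} {detail}")
```

A duplicated header passes but is flagged in the detail string, since it usually means two layers (application and proxy) are both setting it.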

Guidance
