X-Content-Type-Options (Security)

The site prevents MIME type sniffing.

Impact

(ScanGov impact)

About

X-Content-Type-Options is a security header that:

  • Prevents browsers from MIME-sniffing.
  • Ensures content is rendered as declared (e.g., no misinterpretation of file types).
  • Stops browsers from guessing content types, enhancing security.

Why it's important

Stops browsers from guessing file types, helping prevent security risks by enforcing correct content handling.

Error

(ScanGov messaging when a site fails a standard)

Missing or wrong X-Content-Type-Options setting.
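
One way to tell a missing setting from a wrong one, as an added example (this is not ScanGov's own code). The function name `check_nosniff`, the status labels and the sample responses are assumptions made for illustration; `nosniff` is the value the header is expected to carry.

```python
# Added example: classify a response's X-Content-Type-Options header.
# Input is a list of (name, value) pairs, the way an HTTP client exposes
# raw response headers (a dict would hide a repeated header).

HEADER = "x-content-type-options"


def check_nosniff(headers):
    """Return (status, detail); status is 'ok', 'missing' or 'wrong'."""
    # Header names are case-insensitive, and a proxy plus the application
    # may each send the header, so collect every occurrence.
    raw = [value for name, value in headers if name.strip().lower() == HEADER]
    if not raw:
        return "missing", "header not present"

    # Repeated headers combine into one comma-separated list of values.
    values = [part.strip().lower() for value in raw for part in value.split(",")]

    # Browsers act on the first value in that list (Fetch standard rule),
    # so the first value is what decides the result here.
    if values[0] != "nosniff":
        return "wrong", "first value is %r, expected 'nosniff'" % values[0]
    if len(values) > 1:
        return "ok", "nosniff (plus %d extra value(s))" % (len(values) - 1)
    return "ok", "nosniff"


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "correct": [("Content-Type", "text/html"), ("X-Content-Type-Options", "nosniff")],
        "absent": [("Content-Type", "text/html")],
        "typo": [("X-Content-Type-Options", "no-sniff")],
        "empty": [("X-Content-Type-Options", "")],
        "sent twice": [("x-content-type-options", "NoSniff"),
                       ("X-Content-Type-Options", "nosniff")],
    }
    for label, headers in samples.items():
        print(label, "->", check_nosniff(headers))
```
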

Guidance

Indicators
