X-Content-Type-Options

Prevents MIME-type sniffing. The nosniff value tells the browser to respect the declared Content-Type.

Response

Syntax

X-Content-Type-Options: nosniff

Example values

Value      Explanation
nosniff    Only valid value

cURL usage

curl -I https://example.com  # Check security headers
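An added example, not part of the original page: a shell function that reads the headers printed by curl -sI and reports whether X-Content-Type-Options is present with its only valid value. The function name check_nosniff and the sample response are constructed for illustration, and the check flags anything other than a bare nosniff.

```shell
#!/bin/sh
# check_nosniff (hypothetical helper): read raw HTTP response headers on stdin
# and print one verdict: "ok", "missing", or "invalid: <value>".
check_nosniff() {
    awk '
        BEGIN { verdict = "missing" }
        {
            sub(/\r$/, "")                      # HTTP header lines end with CRLF
            colon = index($0, ":")
            if (colon == 0) next                # status line or blank line
            # Header names are case-insensitive.
            name = tolower(substr($0, 1, colon - 1))
            if (name != "x-content-type-options") next
            value = substr($0, colon + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)  # trim optional whitespace
            if (tolower(value) == "nosniff") {
                # Keep an earlier "invalid" verdict if the header is duplicated.
                if (verdict == "missing") verdict = "ok"
            } else {
                verdict = "invalid: " value     # nosniff is the only valid value
            }
        }
        END { print verdict }
    '
}

# Constructed sample response (not captured from a real server).
sample='HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Content-Type-Options: nosniff\r\n\r\n'
printf '%b' "$sample" | check_nosniff

# Against a live site:
#   curl -sI https://example.com | check_nosniff
```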

Common mistakes

Not setting the header, which allows XSS via MIME confusion.
