X-Content-Type-Options

Tells the web browser that the Content-Type headers are deliberately set and should be followed.

This HTTP Response header tells the web browser that the Content-Type headers are deliberately set and should be followed. Without this, browsers may use MIME type sniffing to guess at the Content-Type. They may do this when the Content-Type header is missing or when it is thought to be incorrect. Since types of content are executable, this can have some security consequences. The only valid value for this header is nosniff.

We have a detailed article about additional security headers if you want to fully protect your users. For more information, please read the documentation on MDN Web Docs.