Tells the web browser that the Content-Type headers are deliberately set and should be followed.
This HTTP Response header tells the web browser that it should obey the Content-Type headers. Without this, browsers may use MIME type sniffing to guess at the Content-Type. They may do this when the Content-Type header is missing or when it is thought to be incorrect. This is one of those important security headers that servers should set in order to to protect their users.
To set this header, use one of the following two lines, depending on your server software. It is also important to set the Content-Type header to appropriate values for each file that the server sends to a client.Apache:
Header always set X-Content-Type-Options "nosniff"
add_header X-Content-Type-Options "nosniff" always;
The only valid value for this header is
nosniff, so copy and paste one of the above lines into your config file to enable this security feature.
Ready to validate your website to check for this header and 100+ others important tests?