X-Content-Type-Options

Checks for the presence of the 'X-Content-Type-Options' header, which protects against attacks that rely on MIME type sniffing.

The X-Content-Type-Options HTTP response header tells the web browser that the Content-Type headers are deliberately set and should be followed. Without it, browsers may use MIME type sniffing to guess the Content-Type, either when the Content-Type header is missing or when the browser believes it is incorrect. Since some types of content are executable, this can have security consequences.

This test looks for the presence of this header with a value of nosniff. If the header is missing, or if it contains any other value, a warning will be displayed.
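One way to implement the check described above, as an added example (not this tool's own code). The function names and sample responses are constructed for illustration, and matching the header name and value case-insensitively and splitting repeated or comma-joined values are assumptions of this example.

```python
HEADER = "x-content-type-options"

def parse_headers(raw):
    """Return (lowercased name, stripped value) pairs from a raw response head."""
    pairs = []
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_nosniff(raw):
    """Return (status, reason), where status is 'pass' or 'warn'."""
    values = [v for n, v in parse_headers(raw) if n == HEADER]
    if not values:
        return "warn", "header missing"
    # A repeated header is equivalent to one comma-joined value, so judge each token.
    tokens = [t.strip().lower() for v in values for t in v.split(",")]
    bad = [t for t in tokens if t != "nosniff"]
    if bad:
        return "warn", "unexpected value: " + ", ".join(repr(t) for t in bad)
    return "pass", "nosniff set"

# Constructed sample responses (not captured from any real site).
HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "ok": HEAD + "X-Content-Type-Options: nosniff\r\n\r\n",
    "missing": HEAD + "\r\n",
    "wrong": HEAD + "X-Content-Type-Options: sniff\r\n\r\n",
    "mixed-case": HEAD + "x-content-type-OPTIONS: NoSniff\r\n\r\n",
    "empty": HEAD + "X-Content-Type-Options:\r\n\r\n",
    "duplicate": HEAD + "X-Content-Type-Options: nosniff\r\n"
                        "X-Content-Type-Options: none\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        status, reason = check_nosniff(raw)
        print(f"{label:10} {status:4} {reason}")
```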

To learn more about this header and other security headers, please read our in-depth article on HTTP Headers That Protect Your Users.
