Prevent MIME types of security risk

Prevent MIME types of security risk by adding this header to your web page’s HTTP response. Having this header instructs browser to consider file types as defined and disallow content sniffing. There is only one parameter you got to add “nosniff”.

Let’s see how to advertise this header.


You can do this by adding the below line in httpd.conf file

Header set X-Content-Type-Options nosniff

Don’t forget to restart the Apache webserver to get the configuration active.


Add the following line in nginx.conf file under server block.

add_header X-Content-Type-Options nosniff;

As usual, you got to restart the Nginx to check the results.

Microsoft IIS

Open IIS and go to HTTP Response Headers

Click on Add and enter the Name and Value

Click OK and restart the IIS to verify the results.

Scroll to Top