X-Content-Type-Options
Ensures content renders as declared.
Guidance
All government websites must have X-Content-Type-Options designated.
About
X-Content-Type-Options is a security header that:
- Prevents browsers from MIME-sniffing.
- Ensures content is rendered as declared (e.g., no misinterpretation of file types).
- Stops browsers from guessing content types, enhancing security.
Code
Example header:
X-Content-Type-Options: nosniff
Example HTML code:
<!-- Example of X-Content-Type-Options in a meta tag. Browsers act on nosniff only when it arrives as an HTTP response header, so send the header as well. -->
<meta http-equiv="X-Content-Type-Options" content="nosniff">
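Example check (added here, not part of the original guidance): a small Python audit that classifies raw HTTP responses by whether they carry a usable X-Content-Type-Options: nosniff header. It treats a page that only has the meta tag as missing the header, and follows the Fetch Standard's rule of comparing the first comma-separated value case-insensitively. The function names and sample responses are constructed for illustration.

```python
# Added example: audit raw HTTP responses for X-Content-Type-Options: nosniff.

def split_response(raw):
    """Return ([(lowercased name, value), ...], body) from a raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs, body


def nosniff_status(raw):
    """Classify a response: 'ok', 'missing', 'missing (meta tag only)' or 'invalid'."""
    pairs, body = split_response(raw)
    values = [v for n, v in pairs if n == "x-content-type-options"]
    if not values:
        # A meta http-equiv tag in the body does not replace the response header.
        if 'http-equiv="x-content-type-options"' in body.lower():
            return "missing (meta tag only)"
        return "missing"
    # Repeated header lines combine into one comma-separated list; only the
    # first entry is compared, case-insensitively, with "nosniff".
    first = ",".join(values).split(",")[0].strip()
    return "ok" if first.lower() == "nosniff" else "invalid"


# Constructed sample responses (hypothetical, not captured from any real site).
OK_HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "good": OK_HEAD + "X-Content-Type-Options: nosniff\r\n\r\n<html></html>",
    "mixed_case": OK_HEAD + "x-content-type-options: NoSniff\r\n\r\n<html></html>",
    "missing": OK_HEAD + "\r\n<html></html>",
    "meta_only": OK_HEAD + "\r\n"
    '<meta http-equiv="X-Content-Type-Options" content="nosniff">',
    "typo": OK_HEAD + "X-Content-Type-Options: no-sniff\r\n\r\n<html></html>",
}


def audit(samples):
    """Map each sample name to its nosniff status."""
    return {name: nosniff_status(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name:12} {status}")
```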
Links
- X-Content-Type-Options (Mozilla)
- Security-related HTTP headers (Cloud.gov)