BASH

Configure X-Content-Type-Options: nosniff Header to Prevent MIME-Sniffing Attacks

Enhance web security by configuring the `X-Content-Type-Options: nosniff` header in Nginx or Apache, preventing browsers from misinterpreting content types and mitigating XSS risks.

# Nginx Configuration Example
server {
    listen 80;
    server_name example.com;

    add_header X-Content-Type-Options "nosniff";

    location / {
        # Your existing Nginx configuration
        try_files $uri $uri/ /index.html;
    }
}

# Apache Configuration Example (in .htaccess or httpd.conf)
# <IfModule mod_headers.c>
#    Header always set X-Content-Type-Options "nosniff"
# </IfModule>
How it works: This snippet provides configuration examples for Nginx and Apache to set the `X-Content-Type-Options: nosniff` HTTP header. This header prevents browsers from "sniffing" or guessing the MIME type of a resource, forcing them to use the server-declared `Content-Type`. This is a critical security measure to mitigate XSS attacks where an attacker might upload a malicious file (e.g., a JavaScript file disguised as an image) which the browser could then execute if sniffing were allowed.

Need help integrating this into your project?

Our team of expert developers can help you build your custom application from scratch.

Hire DigitalCodeLabs