X-Content-Type-Options: nosniff header

Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header. Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

For example, given the following HTTP response:

HTTP/1.1 200 OK
Content-Length: 108
Date: Thu, 26 Jun 2008 22:06:28 GMT
Content-Type: text/plain;
X-Content-Type-Options: nosniff

This page renders as HTML source code (text) in IE8.
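
An added example (not from the original post): a small Python audit that reads raw HTTP responses and reports whether each one actually opts out of MIME-sniffing as described above. The function names, verdict labels and sample responses are constructed for illustration.

```python
# Added example: audit raw HTTP responses for the nosniff opt-out.
# All sample responses below are constructed for illustration.

def parse_headers(raw):
    """Return the header fields of a raw HTTP response as (name, value) pairs."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]   # ignore the body
    fields = []
    for line in head.split("\n")[1:]:                      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def audit_nosniff(raw):
    """Classify one response: 'ok', 'missing', 'bad-value' or 'no-content-type'."""
    fields = parse_headers(raw)
    options = [v for n, v in fields if n == "x-content-type-options"]
    declared = [v for n, v in fields if n == "content-type"]
    if not options:
        return "missing"          # the declared type can be sniffed away
    # Assumption: the value is matched case-insensitively, as current browsers do.
    if any(v.lower() != "nosniff" for v in options):
        return "bad-value"        # a typo such as "no-sniff" is not an opt-out
    if not declared or not declared[0].split(";")[0].strip():
        return "no-content-type"  # nothing declared for nosniff to hold the browser to
    return "ok"

SAMPLES = {
    "declared_and_pinned": "HTTP/1.1 200 OK\r\nContent-Length: 108\r\n"
        "Content-Type: text/plain;\r\nX-Content-Type-Options: nosniff\r\n\r\n<html>",
    "header_only_in_body": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
        "X-Content-Type-Options: nosniff",
    "misspelled_value": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
        "X-Content-Type-Options: no-sniff\r\n\r\n<html>",
    "mixed_case": "HTTP/1.1 200 OK\r\ncontent-type: text/plain\r\n"
        "x-content-type-options: NoSniff\r\n\r\n<html>",
    "no_declared_type": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\n\r\n<html>",
}

def audit_all(samples=SAMPLES):
    """Map each sample name to its verdict."""
    return {name: audit_nosniff(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all().items():
        print(f"{name:22} {verdict}")
```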



Things to know about .htaccess before you dive in

.htaccess files are quite tricky because of how powerful they are. You can disable your entire server with one typo, so it’s not something to take lightly. Over at Narendra Dhami’s blog, he’s written a nice little intro with warning.…