X-Content-Type-Options (MIME sniffing) explained

What it is

X-Content-Type-Options is an HTTP response header. When set to nosniff, it tells the browser to use the declared Content-Type and not to MIME-sniff (guess the type from content), which can prevent misinterpretation of responses.

Why it matters

Browsers that MIME-sniff may treat a response as executable content (for example, script or HTML) when it was intended as data, which can lead to XSS or unexpected execution. Setting nosniff is a simple, recommended measure for all responses.

How Barrion checks it

Barrion checks for X-Content-Type-Options: nosniff on your responses and reports when the header is missing or not set to nosniff. The check uses passive header inspection only.
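
A passive check of this kind can be sketched as follows. This is an added example, not Barrion's code: the function names and the sample responses are constructed for illustration, and the rule applied (first comma-separated value, compared case-insensitively) is the one the Fetch standard defines for browsers.

```python
# Added example (not Barrion's implementation): classify a response's
# X-Content-Type-Options header from its raw header block, without
# sending any extra requests. All sample responses below are constructed.

HEADER = "x-content-type-options"


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_nosniff(raw: str) -> str:
    """Return 'ok', 'missing' or 'invalid' for one response."""
    values = [v for n, v in parse_headers(raw) if n == HEADER]
    if not values:
        return "missing"
    # Repeated headers are combined with commas; only the first
    # resulting value counts, matched case-insensitively.
    first = ",".join(values).split(",")[0].strip().lower()
    return "ok" if first == "nosniff" else "invalid"


# Constructed sample responses covering the cases a report should separate.
SAMPLES = {
    "set": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
           "X-Content-Type-Options: nosniff\r\n\r\n{}",
    "mixed-case": "HTTP/1.1 200 OK\r\nx-content-type-options: NoSniff\r\n\r\n",
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello",
    "typo": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: no-sniff\r\n\r\n",
    "duplicate": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: none\r\n"
                 "X-Content-Type-Options: nosniff\r\n\r\n",
    "empty": "HTTP/1.1 200 OK\r\nX-Content-Type-Options:\r\n\r\n",
}


def report() -> dict[str, str]:
    """Run the check over every constructed sample."""
    return {name: check_nosniff(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:12} {result}")
```

The "duplicate" sample is reported as invalid even though one of the two headers says nosniff, because the first value after combining is what a browser evaluates.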


© 2025 Barrion AB (559569-0917) - All Rights Reserved.