2018-11-23 17:14:15 +01:00
|
|
|
# ----------------------------------------------------------------------
|
2019-05-15 18:26:04 +02:00
|
|
|
# | Content Type Options |
|
2018-11-23 17:14:15 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
# Prevent some browsers from MIME-sniffing the response.
|
|
|
|
|
#
|
|
|
|
|
# This reduces exposure to drive-by download attacks and cross-origin
|
|
|
|
|
# data leaks, and should be left uncommented, especially if the server
|
|
|
|
|
# is serving user-uploaded content or content that could potentially be
|
|
|
|
|
# treated as executable by the browser.
|
|
|
|
|
#
|
|
|
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
|
|
|
|
# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
|
|
|
|
|
# https://mimesniff.spec.whatwg.org/
|
|
|
|
|
|
|
|
|
|
add_header X-Content-Type-Options nosniff always;
|
