server-configs-nginx/h5bp/security/x-content-type-options.conf

# ----------------------------------------------------------------------
# | Reducing MIME type security risks                                  |
# ----------------------------------------------------------------------

# Prevent some browsers from MIME-sniffing the response.
#
# This reduces exposure to drive-by download attacks and cross-origin
# data leaks, and should be left uncommented, especially if the server
# is serving user-uploaded content or content that could potentially be
# treated as executable by the browser.
#
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
# https://mimesniff.spec.whatwg.org/

add_header X-Content-Type-Options nosniff always;
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# ----------------------------------------------------------------------`
			`# \| Reducing MIME type security risks \|`
			`# ----------------------------------------------------------------------`

			`# Prevent some browsers from MIME-sniffing the response.`
			`#`
			`# This reduces exposure to drive-by download attacks and cross-origin`
			`# data leaks, and should be left uncommented, especially if the server`
			`# is serving user-uploaded content or content that could potentially be`
			`# treated as executable by the browser.`
			`#`
			`# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options`
			`# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/`
			`# https://mimesniff.spec.whatwg.org/`

			`add_header X-Content-Type-Options nosniff always;`