# ---------------------------------------------------------------------- # | Content Type Options | # ---------------------------------------------------------------------- # Prevent some browsers from MIME-sniffing the response. # # This reduces exposure to drive-by download attacks and cross-origin data # leaks, and should be left uncommented, especially if the server is serving # user-uploaded content or content that could potentially be treated as # executable by the browser. # # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options # https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/ # https://mimesniff.spec.whatwg.org/ add_header X-Content-Type-Options nosniff always;