A content sniffing attack typically involves tricking a browser into executing a script that is disguised as another file type, for example a file the server labels as an image or as plain text but whose bytes the browser decides look like HTML or JavaScript. These attacks can be prevented with correctly configured response headers.
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME type advertised in the Content-Type header is authoritative and must be followed rather than second-guessed. Microsoft introduced this header in Internet Explorer 8 as a way for webmasters to block the content sniffing that was happening in browsers and that could turn non-executable MIME types into executable ones.
Use content sniffing protection
Turn off browser content sniffing to protect against content sniffing exploits. When processing a response, browsers sometimes ignore the MIME type in the Content-Type header and guess the type based on the contents of the response. This is called content sniffing and is done to improve the user experience when a server sends a missing or inaccurate Content-Type; the side effect is that a file the server meant to be harmless can be interpreted as something executable. Set the X-Content-Type-Options response header to nosniff. This tells browsers to avoid guessing response types and to rely only on the Content-Type header. With nosniff in place, browsers also refuse to execute a script resource whose response does not carry a JavaScript MIME type, and refuse to apply a stylesheet that is not served as text/css, so a user-uploaded "image" that is really script cannot be pulled in with a script tag.
Set MIME types
All responses should accurately specify their MIME type so that browsers don't have to rely on content sniffing. When the X-Content-Type-Options: nosniff response header is used to disable content sniffing, browsers rely on the Content-Type header alone to determine the type of each response, so a missing or wrong Content-Type now breaks the resource instead of being silently papered over by the browser. To avoid issues, set the Content-Type header of all responses to an accurate MIME type (with a charset for text types), and for downloads or uploaded content whose type is not known, fall back to application/octet-stream rather than omitting the header or letting a web framework guess.
More articles in this series
➜ This article is from our comprehensive Web Security Best Practices guide.
➜ Next article in this series: Response headers
➜ Previous article in this series: HSTS