All fix guides

How to stop MIME-sniffing with X-Content-Type-Options

Prevent browsers from guessing (and mis-executing) file types.

What it is

Without `nosniff`, browsers may ignore your declared Content-Type and guess — potentially running an uploaded file as a script.

Why it matters

MIME-sniffing can turn a harmless-looking upload or resource into executable code in the victim's browser.

How to fix it

  1. 1Add the header: `X-Content-Type-Options: nosniff`.
  2. 2Make sure your server sends correct `Content-Type` headers for all responses.
  3. 3Re-scan to confirm.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy