All fix guides
How to stop MIME-sniffing with X-Content-Type-Options
Prevent browsers from guessing (and mis-executing) file types.
What it is
Without `nosniff`, browsers may ignore your declared Content-Type and guess — potentially running an uploaded file as a script.
Why it matters
MIME-sniffing can turn a harmless-looking upload or resource into executable code in the victim's browser.
How to fix it
- 1Add the header: `X-Content-Type-Options: nosniff`.
- 2Make sure your server sends correct `Content-Type` headers for all responses.
- 3Re-scan to confirm.
Not sure if your site is affected?
Run a free scan — or let us fix it all for you.