X-Content-Type-Options
Enabled: indicates that the MIME types advertised in the Content-Type headers should be followed and not changed.
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.
Usage
This header is enabled by default, but you can change its behavior as follows.
export default defineNuxtConfig({
  // Global
  security: {
    headers: {
      xContentTypeOptions: <OPTIONS>,
    },
  },

  // Per route
  routeRules: {
    '/custom-route': {
      headers: {
        'X-Content-Type-Options': <OPTIONS>
      },
    }
  }
})
You can also disable this header by setting xContentTypeOptions: false.
Default value
By default, Nuxt Security sets the following value for this header.
X-Content-Type-Options: nosniff
Available values
The xContentTypeOptions header can be configured with the following values.
xContentTypeOptions: 'nosniff' | false
nosniff
Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type.
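The blocking rule above, modelled as an added example (not code from Nuxt Security or from any browser). It generalizes slightly by also showing how the header value and the Content-Type are normalized before the comparison; the function names and the sample responses are constructed for illustration.

```javascript
// Added example: models the browser-side nosniff check; not Nuxt Security code.
// JavaScript MIME type essences as listed in the WHATWG MIME Sniffing standard.
const JAVASCRIPT_MIME_TYPES = new Set([
  'application/ecmascript', 'application/javascript',
  'application/x-ecmascript', 'application/x-javascript',
  'text/ecmascript', 'text/javascript', 'text/javascript1.0',
  'text/javascript1.1', 'text/javascript1.2', 'text/javascript1.3',
  'text/javascript1.4', 'text/javascript1.5', 'text/jscript',
  'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);

// Reduce a Content-Type value to its essence: "Text/CSS; charset=utf-8" -> "text/css".
function mimeEssence(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

// Hypothetical helper: look up a header by lowercase name in a plain object.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Returns true when a browser honouring nosniff would block the response.
// `destination` is the request destination ("style", "script", "image", ...).
function blockedByNosniff(destination, headers) {
  const xcto = getHeader(headers, 'x-content-type-options');
  // Only the first comma-separated value counts, compared case-insensitively.
  if (!xcto || xcto.split(',')[0].trim().toLowerCase() !== 'nosniff') return false;
  const essence = mimeEssence(getHeader(headers, 'content-type'));
  if (destination === 'style') return essence !== 'text/css';
  if (destination === 'script') return !JAVASCRIPT_MIME_TYPES.has(essence);
  return false; // other destinations are not covered by the rule described here
}

// Constructed sample responses.
const samples = [
  ['script', { 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/plain' }],
  ['script', { 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/javascript; charset=utf-8' }],
  ['style', { 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/html' }],
  ['style', { 'Content-Type': 'text/html' }], // header disabled (xContentTypeOptions: false)
];
for (const [dest, headers] of samples) {
  console.log(dest, JSON.stringify(headers), '->', blockedByNosniff(dest, headers) ? 'blocked' : 'allowed');
}
```

A response with no Content-Type at all is also blocked for style and script destinations, because the empty essence matches neither list.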