Fixing Missing X-Content-Type-Options Header
Vulnerability assessment details, CWE reference metrics, and complete code-level patches.
Threat Profile
Vulnerability Analysis
Without this header, browsers may sniff the response body and override the declared MIME type (e.g. rendering an uploaded "image" that contains script tags as HTML, so that its JavaScript executes).
How it is Detected
Identified by checking response headers for the presence of 'X-Content-Type-Options: nosniff'; the finding is raised when the header is absent.
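The following is an added example, not part of the original profile, showing the detection check run over constructed raw HTTP responses rather than live traffic. It applies the rule browsers use (header names compared case-insensitively, the value list split on commas, and only the first value required to be the token 'nosniff'), so it also catches the common misconfiguration where a value borrowed from another header's syntax is sent instead of the bare token. The sample responses and the function names (parse_headers, check_nosniff, audit) are assumptions made for this demo.

```python
"""Added example: check HTTP response headers for X-Content-Type-Options: nosniff."""

# Constructed raw responses, as a scanner would receive them on the wire.
SAMPLE_RESPONSES = {
    "missing": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "Server: nginx\r\n"
        "\r\n"
        "<html><body>hello</body></html>"
    ),
    "correct": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "\r\n"
    ),
    "lowercase_404": (  # header name and value are case-insensitive, and errors count too
        "HTTP/1.1 404 Not Found\r\n"
        "content-type: text/html\r\n"
        "x-content-type-options: NOSNIFF\r\n"
        "\r\n"
    ),
    "wrong_value": (  # a value in X-XSS-Protection style is not the 'nosniff' token
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: image/png\r\n"
        "X-Content-Type-Options: nosniff; mode=block\r\n"
        "\r\n"
    ),
    "comma_list": (  # constructed: two layers each added the header and a proxy joined them
        "HTTP/1.1 200 OK\r\n"
        "X-Content-Type-Options: nosniff, nosniff\r\n"
        "\r\n"
    ),
}


def parse_headers(raw):
    """Return [(name, value), ...] from the header block of a raw HTTP response."""
    headers = []
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if line == "":
            break                        # the empty line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def check_nosniff(headers):
    """Classify a header list as 'ok', 'missing' or 'wrong_value'."""
    values = []
    for name, value in headers:
        if name.lower() == "x-content-type-options":
            # The value list is split on commas, like any list-valued HTTP header.
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return "missing"
    # Browsers honour the header only when the first value is the token 'nosniff'.
    if values[0].lower() != "nosniff":
        return "wrong_value"
    return "ok"


def audit(responses):
    """Run the check over a {label: raw_response} mapping; returns {label: status}."""
    return {label: check_nosniff(parse_headers(raw)) for label, raw in responses.items()}


if __name__ == "__main__":
    for label, status in audit(SAMPLE_RESPONSES).items():
        print(f"{label:14s} -> {status}")
```

In a real scan the raw text would come from the HTTP client's response object; the classification logic is the part worth keeping, because a check that only greps for the literal string 'X-Content-Type-Options: nosniff' misses the lowercase and comma-joined forms and accepts the malformed one.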
Remediation Guidelines
Add the 'X-Content-Type-Options: nosniff' header to all responses.
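"All responses" includes error pages and redirects, which is why the Nginx rule in this profile carries the `always` parameter (without it, add_header applies only to success and redirect status codes). The same guarantee at the application layer, as an added example that is not part of the original profile, is a WSGI middleware that adds the header to every response the app emits, including 404s, without duplicating one the app already set. The toy app, its routes and the in-process request driver are constructed for the demo.

```python
"""Added example: WSGI middleware that sets X-Content-Type-Options: nosniff on every response."""

HEADER_NAME = "X-Content-Type-Options"


class NosniffMiddleware:
    """Wraps any WSGI app; adds the header unless the app already sent one."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Runs for every status code, so error responses are covered too.
            if not any(k.lower() == HEADER_NAME.lower() for k, _ in headers):
                headers = list(headers) + [(HEADER_NAME, "nosniff")]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed toy application with three routes and a 404 fallback."""
    path = environ.get("PATH_INFO", "/")
    if path == "/":
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"<h1>hello</h1>"]
    if path == "/avatar.png":
        # An untrusted upload served with its declared image type: with nosniff
        # the browser will not reinterpret the bytes as HTML.
        start_response("200 OK", [("Content-Type", "image/png")])
        return [b"<html>not really a png</html>"]
    if path == "/already":
        # The app sets the header itself; the middleware must not add a second copy.
        start_response("200 OK", [("Content-Type", "text/plain"), (HEADER_NAME, "nosniff")])
        return [b"ok"]
    start_response("404 Not Found", [("Content-Type", "text/html")])
    return [b"<h1>not found</h1>"]


def run_request(app, path):
    """Minimal in-process WSGI driver (no network); returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body


def nosniff_count(headers):
    """How many X-Content-Type-Options headers a response carries."""
    return sum(1 for k, _ in headers if k.lower() == HEADER_NAME.lower())


if __name__ == "__main__":
    app = NosniffMiddleware(demo_app)
    for path in ("/", "/avatar.png", "/already", "/does-not-exist"):
        status, headers, _ = run_request(app, path)
        print(f"{path:18s} {status:14s} {headers}")
```

Frameworks such as Django and Flask extensions ship equivalent middleware; the point of writing it by hand is to see that the header is attached in start_response, the one place every response passes through, rather than in individual view functions where an error handler or a static file route is easily forgotten.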
Remediation Script (Nginx rule)
# SECURE REMEDIATION: Disable MIME sniffing
add_header X-Content-Type-Options "nosniff" always;
Frequently Asked Questions
What is MIME sniffing?
A browser feature that inspects file bytes to determine their type, rather than relying on the declared HTTP Content-Type header.
How does missing this header lead to XSS?
If users can upload files (such as images containing JavaScript), attackers can get that script executed in victims' browsers.
What does 'nosniff' mean?
It forces the browser to respect the declared Content-Type header strictly.
Related Vulnerability Profiles
SQL Injection (SQLi)
Attackers execute arbitrary SQL commands, bypassing authentication and manipulating database schemas.
Stored Cross-Site Scripting (Stored XSS)
Malicious scripts are stored on the server (e.g. database) and executed when users request the compromised resource.
Reflected Cross-Site Scripting (Reflected XSS)
Malicious scripts are reflected off the web server (e.g. search queries) and executed immediately in the user's browser.
DOM-based Cross-Site Scripting (DOM XSS)
Vulnerability where the client-side JavaScript processes inputs in an unsafe way (e.g. using eval or innerHTML).