How can I add "X-Content-Type-Options: nosniff" to all the response headers from my web server
20,426
Solution 1
Just append this to your webserver configuration, after making sure mod_headers is loaded:
<Directory "your_web_server_documents_directory">
.......
Header always set X-Content-Type-Options nosniff
.......
</Directory>
Solution 2
what i did is this. i place the tags right after commented out property modules/mod_headers.so and restart my appserver but still the same response header.
LoadModule headers_module modules/mod_headers.so
<Directory mod_headers.c>
Header always set X-Content-Type-Options nosniff
</Directory>
Solution 3
open your .htaccess and put this to prevent against XSS, Click-jacking and content-sniffing:
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
</IfModule>
reference: https://htaccessbook.com/increase-security-x-security-headers
Author by
ssn
Updated on March 25, 2021Comments
-
ssn about 3 years
I am running an apache web server. I would like to add "X-Content-Type-Options: nosniff" to all the response headers going from my web server. How can I do that? Is it possible to make changes to apache config files to accomplish this?
-
ssn over 10 yearsBy "making sure mod_headers is loaded", do you mean just making sure "LoadModule headers_module modules/mod_headers.so" is NOT commented out in httpd.conf.