How can I add "X-Content-Type-Options: nosniff" to all the response headers from my web server

javascript apache http-headers mime-types httpresponse
20,426

Solution 1

Just append this to your webserver configuration, after making sure mod_headers is loaded:

<Directory "your_web_server_documents_directory">
    .......
    Header always set X-Content-Type-Options nosniff
    .......
</Directory>

Solution 2

what i did is this. i place the tags right after commented out property modules/mod_headers.so and restart my appserver but still the same response header. 

LoadModule headers_module modules/mod_headers.so

<Directory mod_headers.c>
     Header always set X-Content-Type-Options nosniff
</Directory>

Solution 3

open your .htaccess and put this to prevent against XSS, Click-jacking and content-sniffing:

# Extra Security Headers
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-Content-Type-Options nosniff
</IfModule>

reference: https://htaccessbook.com/increase-security-x-security-headers

Share:
20,426
ssn
Author by

ssn

Updated on March 25, 2021

Comments

  • ssn
    ssn about 3 years

    I am running an apache web server. I would like to add "X-Content-Type-Options: nosniff" to all the response headers going from my web server. How can I do that? Is it possible to make changes to apache config files to accomplish this?

  • ssn
    ssn over 10 years
    By "making sure mod_headers is loaded", do you mean just making sure "LoadModule headers_module modules/mod_headers.so" is NOT commented out in httpd.conf.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Debug message "Resource interpreted as other but transferred with MIME type application/javascript"
Sending data via request header vs sending data via request body
Long-lived connections (asynchronous server push) with Apache/PHP/Javascript?
Why might Chrome return an incorrect MIME type error for one of my JS files when they are all served the same way?
SimpleHTTPServer code 404, message File not found
How to isolate the HTTP headers/body from a PHP Sockets request
Set MIME type after PHP interpreting
How do I set the correct Content-Type header for the different browsers?
Getting error "Strict MIME type checking is enforced for module scripts per HTML spec" when trying to import project
How to update laravel project after changing javascript file and controller