Update README.md

Added X-Content-Type-Options
2018-11-08 13:39:40 +01:00 · 2017-10-12 22:52:09 -05:00 · 2017-10-12 22:52:09 -05:00 · faefa08b06
commit faefa08b06
parent f36170a44a
1 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -40,6 +40,7 @@ What we are doing here is mostly collecting useful snippets from all over the in
    - [Block Visitors by Referrer](#block-visitors-by-referrer)
    - [Prevent Framing the Site](#prevent-framing-the-site)
    - [Help to Prevent Cross-Site Scripting](#help-to-prevent-cross-site-scripting)
+    - [Prevents Mime-Sniffing the Incorrect Content-Type(#prevents-mime-sniffing-the-incorrect-content-type)
 - [Performance](#performance)
    - [Compress Text Files](#compress-text-files)
    - [Set Expires Headers](#set-expires-headers)
@ -338,6 +339,13 @@ This uses the built-in reflective XSS protection found in Internet Explorer, Chr
 Header always set X-Xss-Protection "1; mode=block"
 ```

+### Prevents Mime-Sniffing the Incorrect Content-Type
+This reduces the risk of a file, such as an cleverly-misnamed executable, being treated as a different content-type by the browser than the one being declared by the server. It also reduces exposure to drive-by downloads.
+[Source](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection)
+``` apacheconf
+Header always set X-Content-Type-Options "nosniff"
+```
+
 ## Performance
 ### Compress Text Files
 ``` apacheconf