HTTP Header
X-Content-Type-Options
Security
Tells browsers not to MIME-sniff a response away from the declared Content-Type.
HTTP header reference, syntax, examples, and developer usage.
What is the X-Content-Type-Options header?
The X-Content-Type-Options HTTP header is used to transmit metadata between a client and server as part of HTTP requests or responses.
HTTP headers define how content should be interpreted, cached, authenticated, secured, or processed by browsers and APIs.
Direction
This header may appear in both HTTP requests and responses.
Syntax
X-Content-Type-Options: nosniff
Example
X-Content-Type-Options: nosniff
Common use cases
- Reducing MIME sniffing risks
- Improving browser security
- Protecting scripts and styles
Common mistakes
- Using the header in the wrong request or response context
- Sending invalid header values
- Incorrect header syntax
- Assuming the header automatically changes server behaviour
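The mistakes listed above can be checked mechanically. The following is an added example, not code from this page: it audits one response's headers, assuming the browser rule that only the first comma-separated token of the header is compared, case-insensitively, with nosniff. The function names and the sample header lists are constructed for illustration.

```python
# Added example: audit one response's headers for X-Content-Type-Options mistakes.
# The SAMPLES header lists are constructed, not captured traffic.

def nosniff_tokens(headers):
    """Return the comma-separated tokens of all X-Content-Type-Options lines,
    or None when the header is absent. headers is a list of (name, value)."""
    lines = [v for n, v in headers if n.lower() == "x-content-type-options"]
    if not lines:
        return None
    # Repeated header lines are combined with commas before the value is read.
    return [t.strip(" \t") for t in ",".join(lines).split(",")]


def audit(headers):
    """Return a list of finding strings; an empty list means no issue found."""
    tokens = nosniff_tokens(headers)
    if tokens is None:
        return ["missing: X-Content-Type-Options not sent"]
    findings = []
    # Only the first token counts, compared case-insensitively with "nosniff".
    if tokens[0].lower() != "nosniff":
        findings.append(f"invalid value: {tokens[0]!r} is not treated as nosniff")
    elif len(tokens) > 1:
        findings.append("redundant: extra tokens after nosniff")
    # The header does not change what the server sends: the declared type must
    # still be present and correct, or scripts and styles will be blocked.
    ctype = [v for n, v in headers if n.lower() == "content-type"]
    if not ctype or not ctype[0].strip():
        findings.append("no Content-Type declared alongside nosniff")
    return findings


SAMPLES = {
    "correct": [("Content-Type", "text/css"), ("X-Content-Type-Options", "nosniff")],
    "mixed case": [("content-type", "text/css"), ("x-content-type-options", "NoSniff")],
    "typo": [("Content-Type", "text/css"), ("X-Content-Type-Options", "no-sniff")],
    "sent twice": [("Content-Type", "text/css"),
                   ("X-Content-Type-Options", "nosniff"),
                   ("X-Content-Type-Options", "nosniff")],
    "no type": [("X-Content-Type-Options", "nosniff")],
    "absent": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {audit(hdrs) or 'ok'}")
```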