X-Content-Type-Options

Enabled: Indicates that the MIME types advertised in the Content-Type headers should be followed and not be changed.


The X-Content-Type-Options HTTP response header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header lets you avoid MIME type sniffing by stating that the MIME types are deliberately configured.

ℹ Read more about this header here.

Usage

This header is enabled by default, but you can change its behavior as follows.

export default defineNuxtConfig({
  // Global
  security: {
    headers: {
      xContentTypeOptions: <OPTIONS>,
    },
  },
  // Per route
  routeRules: {
    '/custom-route': {
      headers: {
        'X-Content-Type-Options': <OPTIONS>
      },
    }
  }
})

You can also disable this header by setting xContentTypeOptions: false.

Default value

By default, Nuxt Security will set the following value for this header.

X-Content-Type-Options: nosniff

Available values

The xContentTypeOptions header can be configured with the following values.

xContentTypeOptions: 'nosniff' | false

nosniff

Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type.
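
The blocking rule above can be checked against your own responses before relying on nosniff. The following is an added example, not code from Nuxt Security: it models the rule as defined in the Fetch Standard (which also applies it to worker and worklet destinations, going slightly beyond the text above) and lists which responses a browser would refuse. The function names, the lowercase header keys, the simplified Content-Type parsing and the sample URLs are assumptions made for illustration.

```javascript
// JavaScript MIME type essences as listed in the WHATWG MIME Sniffing Standard.
const JS_MIME_TYPES = new Set([
  'application/ecmascript', 'application/javascript', 'application/x-ecmascript',
  'application/x-javascript', 'text/ecmascript', 'text/javascript',
  'text/javascript1.0', 'text/javascript1.1', 'text/javascript1.2',
  'text/javascript1.3', 'text/javascript1.4', 'text/javascript1.5',
  'text/jscript', 'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);
// Request destinations the Fetch Standard treats as script-like.
const SCRIPT_LIKE = new Set([
  'script', 'worker', 'sharedworker', 'serviceworker', 'audioworklet', 'paintworklet',
]);

// Simplified parse: reduce a Content-Type value to "type/subtype", or null if unusable.
function mimeEssence(contentType) {
  if (typeof contentType !== 'string') return null;
  const essence = contentType.split(';')[0].trim().toLowerCase();
  return /^[^\s\/;]+\/[^\s\/;]+$/.test(essence) ? essence : null;
}

// True when the first X-Content-Type-Options value is "nosniff" (case-insensitive).
// Assumes header names are already lowercased, as Node's http module does.
function hasNosniff(headers) {
  const value = headers['x-content-type-options'];
  return typeof value === 'string' && value.split(',')[0].trim().toLowerCase() === 'nosniff';
}

// Would a browser refuse this response for the given request destination?
function blockedByNosniff(destination, headers) {
  if (!hasNosniff(headers)) return false; // without the header, sniffing rules apply instead
  const essence = mimeEssence(headers['content-type']);
  if (SCRIPT_LIKE.has(destination)) return essence === null || !JS_MIME_TYPES.has(essence);
  if (destination === 'style') return essence !== 'text/css';
  return false; // images, documents, fetch() and so on are not covered by this rule
}

// Return the URLs of responses that nosniff would cause the browser to block.
function audit(responses) {
  return responses.filter((r) => blockedByNosniff(r.destination, r.headers)).map((r) => r.url);
}

// Constructed sample responses (hypothetical URLs and headers).
const NS = { 'x-content-type-options': 'nosniff' };
const samples = [
  { url: '/app.js', destination: 'script', headers: { ...NS, 'content-type': 'text/javascript; charset=utf-8' } },
  { url: '/api/config.js', destination: 'script', headers: { ...NS, 'content-type': 'application/json' } },
  { url: '/theme.css', destination: 'style', headers: { ...NS, 'content-type': 'text/plain' } },
  { url: '/logo.png', destination: 'image', headers: { ...NS, 'content-type': 'text/plain' } },
  { url: '/legacy.js', destination: 'script', headers: { 'content-type': 'text/plain' } },
];
console.log(audit(samples));
```

Any URL this reports is a script or stylesheet served with the wrong Content-Type; fix the type at the server rather than disabling the header.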