An X-Content-Type-Options response HTTP header is a marker header that is used by the server to indicate that the Multipurpose Internet Mail Extensions (MIME) types advertised in the Content-Type headers should not be changed and be followed. This header allows to opt-out of Multipurpose Internet Mail Extensions (MIME) type sniffing. This header was first introduced by Microsoft to help webmasters block sniffing attacks. Older versions of IE and chrome performed MIME sniff on the response and interpreted the received information as content rather than an intended content. This vulnerability can be exploited when a website allows users to upload content to a website. During this process, it can give them the opportunity to perform cross-site scripting and compromise the website. Security testers expect this header in the application to ensure utmost security.
Impact
- Ignoring the new X-Content-Type-Options response header will allow the browsers to do MIME-sniffing a response away from the declared content-type.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Implement proper X-Content-Type-Options header.
- The following shows the implementation on servers.
Nginx
Nginx
add_header X-Content-Type-Options "nosniff"
Apache
Header set X-Content-Type-Options "nosniff"
