An X-Content-Type-Options response HTTP header is a marker header that is used by the server to indicate that the Multipurpose Internet Mail Extensions (MIME) types advertised in the Content-Type headers should not be changed and be followed. This header allows to opt-out of Multipurpose Internet Mail Extensions (MIME) type sniffing. This header was first introduced by Microsoft to help webmasters block sniffing attacks. Older versions of IE and chrome performed MIME sniff on the response and interpreted the received information as content rather than an intended content. This vulnerability can be exploited when a website allows users to upload content to a website. During this process, it can give them the opportunity to perform cross-site scripting and compromise the website. Security testers expect this header in the application to ensure utmost security.
Impact
The possible attacks are:-
- Sniffing attacks
- Man-In-The-Middle attacks (MITM)
Mitigation / Precaution
Beagle recommends the following fixes:-
- Implement X-Content-Type-Options header
- The following shows the implementation on servers.
Nginx
add_header X-Content-Type-Options "nosniff"
Apache
Header set X-Content-Type-Options "nosniff"
