X-Content-Type-Options: nosniff

Category: Security
Type: New or changed feature
Status: Enabled by default (Chrome 64)
Intent stage: None

Summary

The `X-Content-Type-Options: nosniff` header allows a server to assert that its resources may only be executed as script or applied as style if they're delivered with appropriate `Content-Type` headers.

Standards & signals

Specification: https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?
Firefox: Shipped/Shipping
Safari: Shipped/Shipping
Web developers: No signals
Tracking bug: https://crbug.com/788096

View on chromestatus.com