X-Content-Type-Options

In this lesson, we'll see how 'MIME-sniffing' introduced a vulnerability and how to use the X-Content-Type-Options header to avoid it.

MIME-sniffing

Sometimes, clever browser features end up hurting us from a security standpoint. One example is MIME-sniffing, a technique popularized by Internet Explorer.

MIME-sniffing is the ability of a browser to auto-detect (and fix) the content type of a resource it is downloading. Say, for example, we ask the browser to render an image at /awesome-picture.png, but the ...
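The following is an added example, not code from the original lesson: a server-side helper that declares an explicit Content-Type and sends `X-Content-Type-Options: nosniff` so the browser uses the declared type instead of sniffing, plus a small check for responses that leave that gap open. The `TYPES` allow-list and the function names `headersFor` and `sniffingGaps` are assumptions made for illustration.

```javascript
// Added example: response headers for files a server hands to the browser.
// The allow-list and function names are illustrative assumptions.
const TYPES = {
  ".png": "image/png",
  ".jpg": "image/jpeg",
  ".css": "text/css; charset=utf-8",
  ".js": "text/javascript; charset=utf-8",
  ".txt": "text/plain; charset=utf-8",
};

// Build headers for a file name. The type comes from the extension
// allow-list, and nosniff tells the browser not to second-guess it.
function headersFor(fileName) {
  const dot = fileName.lastIndexOf(".");
  const ext = dot === -1 ? "" : fileName.slice(dot).toLowerCase();
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (Object.prototype.hasOwnProperty.call(TYPES, ext)) {
    headers["Content-Type"] = TYPES[ext];
  } else {
    // Unknown type: serve as opaque bytes and force a download.
    headers["Content-Type"] = "application/octet-stream";
    headers["Content-Disposition"] = "attachment";
  }
  return headers;
}

// Audit a response's headers (names are case-insensitive) and list
// the gaps that leave room for MIME-sniffing.
function sniffingGaps(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim();
  }
  const gaps = [];
  if (!h["content-type"]) gaps.push("missing Content-Type");
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") {
    gaps.push("missing X-Content-Type-Options: nosniff");
  }
  return gaps;
}

// Constructed sample inputs.
console.log(headersFor("awesome-picture.png"));
console.log(sniffingGaps({ "content-type": "image/png" }));
```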