When accessing your website’s content, browsers will often attempt to identify (and sometimes change) how some content types are handled. Unfortunately, an unintended consequence of this is that some content could be mishandled.
To avoid the accidental mishandling of content types, the X-Content-Type-Options header exists. This header tells the browser to opt out of MIME sniffing and treat the content as advertised by the Content-Type header.
In this article, we’ll show you how to use the Security Headers plugin to add the X-Content-Type-Options header and disable MIME type sniffing.
Setting the X-Content-Type-Options Header in WordPress
- Begin by logging into your WordPress admin.
- Next, install and activate the Security Headers plugin.
- Once the Security Headers plugin is installed and activated, a new menu item will be added to the left side menu. Hover over Settings, then click on HTTP Headers to access the plugin’s options page.
- To utilize the "X-Content-Type-Options: nosniff" header, enable the checkbox next to Disable Content Sniffing.
- Finally, scroll down to the bottom of the options page and click on the Save Changes button.
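Once the setting is saved, it is worth confirming that responses actually carry the header. The following is an added example, not part of the Security Headers plugin or the original article: it classifies a raw response header block, and the function names and sample responses are constructed for illustration. Browsers that follow the Fetch standard act only on the first X-Content-Type-Options value, so a mistyped value or a conflicting duplicate (for example, the header set by both the plugin and the web server) is reported separately.

```python
# Added example: verify that a response carries an effective
# "X-Content-Type-Options: nosniff". Sample responses below are constructed.

def xcto_values(raw_headers: str) -> list[str]:
    """Return all X-Content-Type-Options values in order, split on commas."""
    values = []
    for line in raw_headers.strip().splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the status line has no match.
        if sep and name.strip().lower() == "x-content-type-options":
            values.extend(v.strip() for v in value.split(","))
    return values


def check_nosniff(raw_headers: str) -> str:
    """Classify a header block as 'ok', 'duplicate', 'invalid' or 'missing'."""
    values = xcto_values(raw_headers)
    if not values:
        return "missing"
    # Per the Fetch standard, only the first value decides.
    if values[0].lower() != "nosniff":
        return "invalid"
    return "duplicate" if len(values) > 1 else "ok"


BASE = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
SAMPLES = {
    "plugin enabled": BASE + "X-Content-Type-Options: nosniff\r\n\r\n",
    "not set": BASE + "\r\n",
    "set twice": BASE + "X-Content-Type-Options: nosniff\r\n"
                        "x-content-type-options: nosniff\r\n\r\n",
    "typo in value": BASE + "X-Content-Type-Options: no-sniff\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {check_nosniff(raw)}")
```

To check a live site, pass the output of `curl -sI` for one of your own pages to check_nosniff instead of the constructed samples.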