1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Disabling automatic detection of the resource type
This guide explains how to protect a site against malicious use of MIME Sniffing. Some Internet browsers (including Chrome and Internet Explorer) have a feature (MIME-Type sniffing) that makes it possible to automatically detect the type of a Web resource. Consequently, a resource declared to be an image may be interpreted as a script if its content is such.
If you want to protect against this risk the solution is to disable automatic detection of the resource type via the .htaccess file for your sites. Find out more
Disable MIME-Type sniffing
- Open the .htaccess file for the site concerned from the FTP Manager or an FTP program
- Add the following code to the .htaccess file:
Header always set X-Content-Type-Options "nosniff"
- Save the .htaccess file