Bring your software development workflows to security
nosniff forces browsers to respect the server specified file type. This protects against MIME confusion attacks.
MIME sniffing is used by some web browsers, including notably Microsoft’s Internet Explorer. It is an attempt to help websites that don’t signal the MIME type of web content to display correctly. However, doing this opens up a serious security vulnerability, in which, by confusing the MIME sniffing algorithm, the browser can be manipulated into interpreting data. This allows an attacker to carry out operations that are not expected by either the site operator or user, such as cross-site scripting.
This plugin can automatically set the
X-Content-Type-Options header to the configured value in HTTP responses.
By instrumenting the HTTP server running in your application, Sqreen can inject the right value at runtime without requiring any code change nor deployment.
The value and the plugin status can be changed anytime from the plugin page.
No data collected