How to Prevent Content-Type Sniffing

The X-Content-Type-Options header protects against MIME sniffing vulnerabilities. These arise when a user uploads a file but disguises it as something else. This is potentially dangerous because a malicious file could be uploaded to the server and then inject malicious code. Setting the header to "nosniff" makes the browser treat each file as the MIME type the server declares instead of guessing the type from the file's contents, so no malicious code is executed. Here is how to enable the header.

Nginx

Add the following snippet to your .conf file and reload Nginx:

add_header X-Content-Type-Options "nosniff";

Apache

Add the following snippet to your .htaccess file, save and restart.

Header set X-Content-Type-Options "nosniff"
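
Checking that the header actually reaches clients, as an added example that is not part of the original article: the script applies the rule browsers use (combine every X-Content-Type-Options value, split on commas, and compare the first token to "nosniff" case-insensitively) and lists the paths whose responses fail it. The paths and raw responses in SAMPLES are constructed for illustration, and the names nosniff_enabled and audit are hypothetical.

```python
import io
from http.client import parse_headers

HEADER = "X-Content-Type-Options"

def nosniff_enabled(raw_response: bytes) -> bool:
    """Return True if a browser would honour nosniff for this response."""
    # Drop the status line; parse_headers expects header lines only.
    _, _, header_block = raw_response.partition(b"\r\n")
    msg = parse_headers(io.BytesIO(header_block))
    values = msg.get_all(HEADER)  # header name lookup is case-insensitive
    if not values:
        return False
    # Only the first comma-separated token counts, so "sniff, nosniff" fails.
    first = ",".join(values).split(",")[0].strip(" \t")
    return first.lower() == "nosniff"

def audit(responses: dict) -> list:
    """Return the sorted paths whose responses are still open to sniffing."""
    return sorted(p for p, raw in responses.items() if not nosniff_enabled(raw))

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "/uploads/avatar.png": b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
                           b"X-Content-Type-Options: nosniff\r\n\r\n",
    # Header never configured for this location.
    "/uploads/report.txt": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n",
    # Different case in name and value is still accepted.
    "/api/data": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                 b"x-content-type-options: NoSniff\r\n\r\n",
    # Nginx add_header without the "always" parameter skips error responses.
    "/missing": b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    # Malformed value: the first token is not "nosniff".
    "/legacy": b"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n"
               b"X-Content-Type-Options: sniff, nosniff\r\n\r\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("nosniff not in effect:", path)
```

Run it against responses saved from your own site, for both normal and error pages, after each configuration change.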

Jacob Billings
PhD Candidate - Complex Systems