X-Content-Type-Options

Enabled Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.


The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.

ℹ Read more about this header here.

Usage

This header is enabled by default but you can change its behavior like following.

export default defineNuxtConfig({
  // Global
  security: {
    headers: {
      xContentTypeOptions: <OPTIONS>,
    },
  },

  // Per route
  routeRules: {
    '/custom-route': {
      security: {
        headers: {
          xContentTypeOptions: <OPTIONS>,
        },
      },
    }
  }
})

You can also disable this header by xContentTypeOptions: false.

Default value

By default, Nuxt Security will set the following value for this header.

X-Content-Type-Options: nosniff

Available values

The xContentTypeOptions header can be configured with following values.

xContentTypeOptions: 'nosniff' | false

nosniff

Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type.