Configuring X-Content-Type-Options¶
There are two settings:
Configuration | Resulting header |
---|---|
enabled=”false” | None |
enabled=”true” | X-Content-Type-Options: nosniff |
In web.config:
<x-Content-Type-Options enabled="false"/>
NWebsec.Owin (ASP.NET 4): Register the middleware in the OWIN startup class:
using NWebsec.Owin;
...
public void Configuration(IAppBuilder app)
{
app.UseXContentTypeOptions();
}
Or as an MVC attribute (which defaults to true):
[XContentTypeOptions]
[XContentTypeOptions(Enabled = false)]
The header is omitted for redirects.