Configuring X-Content-Type-Options¶
There are two settings:
| Configuration | Resulting header |
|---|---|
| enabled=”false” | None |
| enabled=”true” | X-Content-Type-Options: nosniff |
In web.config:
<x-Content-Type-Options enabled="false"/>
NWebsec.Owin: Register the middleware in the OWIN startup class:
using NWebsec.Owin;
...
public void Configuration(IAppBuilder app)
{
app.UseXContentTypeOptions();
}
Or as an MVC attribute (which defaults to true):
[XContentTypeOptions]
[XContentTypeOptions(Enabled = false)]
The header is omitted for redirects.