5.3.2 Ensure X-Content-Type-Options header is configured and enabled

Information

The X-Content-Type-Options header should be used to force supported user agents to check an HTTP response's content type header with what is expected from the destination of the request.

Rationale:

Implementing the X-Content-Type-Options header with the 'nosniff' directive helps to prevent drive-by download attacks where a user agent is sniffing content types in responses.

Solution

Open the nginx configuration file that contains your server blocks. Add the below line into your server block to add X-Content-Type-Options header and direct your user agent to not sniff content types.

add_header X-Content-Type-Options 'nosniff' always;

Default Value:

This header is not implemented by default.

See Also

https://workbench.cisecurity.org/files/4212