Product
HTTP Interceptor

A Power HTTP Interceptor to Intercept, Record, Debug & Modify HTTP Requests

API Client

A lightweight and secure API Client for faster API Development & Testing

API Mocking

Build frontend faster without waiting for backend.

Solutions
Frontend Web/Mobile Developers

Requestly improves front-end workflows with local JS testing, mocking, and SessionBook debugging.

For QA engineers

QA engineers love Requestly for its features and ease of use, allowing easy edge case testing.

Support Engineer

Support engineers value Requestly for debugging, demoing, and overriding GTM and Adobe scripts.

Backend Developers

Requestly helps in improving back-end development workflows, by enabling testing.

Pricing
Resources
Pricing
Blog
Case Studies
Status
Github
Release Note
Student Programme
🎉 Requestly joins BrowserStack to build the future of application testing. Read more

HTTP Headers

X Content Type Options

HTTP Header

The HTTP X-Content-Type-Options response header signals that the MIME types specified in the Content-Type headers should be strictly followed and not altered.
By setting this header, developers can prevent MIME type sniffing, ensuring browsers do not override the declared content types, thus enhancing security.

Security testers often verify that this header is properly configured to ensure robust site security.

Note:
The X-Content-Type-Options response header applies primarily to request-blocking due to nosniff for request destinations of "script" and "style".
Additionally, it enables Cross-Origin Read Blocking (CORB) protection for HTML, plain text, JSON, and XML files (excluding SVG images with content type image/svg+xml).

Header typeResponse header
Forbidden request headerNo

 

Syntax

X-Content-Type-Options: nosniff

Directives

Directives

The nosniff directive helps enhance security by preventing browsers from MIME-sniffing a response away from the declared content-type. When this directive is active, if a request targets a resource of type style but the MIME type isn’t text/css, or if the type is script but the MIME type isn’t an official JavaScript MIME type, the request will be blocked. This measure helps prevent attacks that rely on MIME-type confusion, promoting safer handling of resources by ensuring they are interpreted correctly according to their specified types.

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the X-Content-Type-Options header. This can help you test how browsers handle MIME type sniffing and security policies by changing this header during development or debugging. Steps to Modify the X-Content-Type-Options Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter X-Content-Type-Options.
    • In the “Header Value” field, enter your desired value (e.g., nosniff).
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-api.com/*).
  5. Save the rule.

Once set up, Requestly will inject the specified X-Content-Type-Options header into all matching requests, helping you test how your application behaves with different security settings. Modifying the X-Content-Type-Options header is useful because it controls how browsers handle MIME types and prevents attacks like MIME sniffing. Testing changes to this header helps ensure your site delivers content securely and correctly.