X-Content-Type-Options

Learn how the X-Content-Type-Options header prevents MIME sniffing and enforces strict content-type handling in the browser.

The X-Content-Type-Options feature adds the X-Content-Type-Options header to viewer responses. This header instructs compatible browsers not to perform MIME sniffing and to rely strictly on the Content-Type declared by the server. Disabling MIME sniffing helps reduce exposure to certain injection and cross-site scripting (XSS) vectors.


The feature does not modify origin requests or CDN caching behavior.

How X-Content-Type-Options Works

You can configure X-CDN Header in the Medianova Control Panel or via API.

When enabled:

  • The CDN adds the following header to viewer-facing responses:

    X-Content-Type-Options: nosniff

  • Browsers that support this header will not attempt to infer content types and will instead enforce the value provided by the origin.

  • MIME sniffing is disabled for resources such as scripts, stylesheets, and other content types that could be misinterpreted.

X-Content-Type-Options toggle inside the Headers tab

Use Cases

Prevent MIME sniffing

Ensure the browser does not guess content types, avoiding scenarios where a file may be interpreted as executable code.

Improve XSS resilience

Reduce attack surfaces where incorrect content-type interpretation could lead to script execution.

Enforce strict content handling

Guarantee consistent behavior across browsers by ensuring content is processed exactly as declared.

Notes

  • The header is applied only to viewer responses, not to origin-bound requests.

  • Modern browsers widely support nosniff, but legacy browsers may behave inconsistently.

  • Enabling this header does not alter your CDN caching logic.

  • Correct MIME types must still be set by your origin; this header does not correct misconfigured content types.
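
The last note matters because a browser enforcing nosniff refuses script and stylesheet loads whose declared Content-Type does not match. The following is an added example, not Medianova code: it models the nosniff check from the Fetch standard so you can audit response headers; the function names and the "sniffable" label are assumptions made for illustration.

```javascript
// Added example: models the nosniff check browsers apply to script and style loads.
// Essences the MIME Sniffing standard treats as JavaScript.
const JS_TYPES = new Set([
  "application/ecmascript", "application/javascript", "application/x-ecmascript",
  "application/x-javascript", "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
}

// Only the first comma-separated value counts, compared case-insensitively.
function hasNosniff(h) {
  const raw = h["x-content-type-options"];
  return raw !== undefined && raw.split(",")[0].trim().toLowerCase() === "nosniff";
}

// "type/subtype" without parameters, or null when absent or malformed.
function essence(h) {
  const m = /^\s*([^\s\/;]+\/[^\s\/;]+)\s*(;.*)?$/.exec(h["content-type"] || "");
  return m ? m[1].toLowerCase() : null;
}

// destination: "script", "style", or anything else (e.g. "image").
// Returns "sniffable" (header absent), "blocked" (type mismatch) or "allowed".
function nosniffVerdict(destination, headers) {
  const h = normalize(headers);
  if (!hasNosniff(h)) return "sniffable";
  const type = essence(h);
  if (destination === "script" && !JS_TYPES.has(type)) return "blocked";
  if (destination === "style" && type !== "text/css") return "blocked";
  return "allowed";
}

// Constructed sample responses (not captured traffic).
const samples = [
  ["script", { "Content-Type": "text/javascript", "X-Content-Type-Options": "nosniff" }],
  ["script", { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" }],
  ["style", { "Content-Type": "text/css; charset=utf-8", "X-Content-Type-Options": "NoSniff" }],
  ["style", { "Content-Type": "application/octet-stream" }],
];
for (const [dest, hdrs] of samples) console.log(dest, hdrs["Content-Type"], "->", nosniffVerdict(dest, hdrs));
```

A "blocked" verdict for a legitimate asset means the origin's Content-Type needs fixing before the header is enabled.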
