Configuring X-Content-Type-Options¶
There are two settings:
Configuration | Resulting header |
---|---|
enabled=”false” | None |
enabled=”true” | X-Content-Type-Options: nosniff |
Register the middleware in the OWIN startup class:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
app.UseStaticFiles();
app.UseXContentTypeOptions();
app.UseMvc(...);
}
Or as an MVC attribute (which defaults to true):
[XContentTypeOptions]
[XContentTypeOptions(Enabled = false)]
The header is omitted for redirects.