Configuring X-Download-Options

There are two settings:

Configuration Resulting header
enabled=”false” None
enabled=”true” X-Download-Options: noopen

In web.config:

<x-Download-Options enabled="false"/>

NWebsec.Owin: Register the middleware in the OWIN startup class:

using NWebsec.Owin;
...
public void Configuration(IAppBuilder app)
{
    app.UseXDownloadOptions();
}

Or as an MVC attribute (which defaults to true):

[XDownloadOptions]
[XDownloadOptions(Enabled = false)]

The header is omitted for redirects.