search

Content/MIME Sniffing Protection

Protect your Umbraco site from MIME sniffing vulnerabilities using security headers like X-Content-Type-Options.

Checks that your site contains a header used to protect against Multipurpose Internet Mail Extensions (MIME) sniffing vulnerabilities.

hashtag
How to fix this health check

This health check can be fixed by adding a header before the response is started.

Preferable you use a security library like NWebSecarrow-up-right.

hashtag
Adding Content/MIME Sniffing Protection using NWebSec

If you take a NuGet dependency on NWebsec.AspNetCore.Middleware/arrow-up-right, you can use third extension methods on WebApplication.

...
WebApplication app = builder.Build();

app.UseXContentTypeOptions();
...

hashtag
Adding Content/MIME Sniffing Protection using manual middleware

If you do not like to have a dependency on third party libraries, you can add the following custom middleware to the request pipeline.

First create the middleware class:

namespace MySite.Middleware;

public class NoSniffMiddleware : IMiddleware
{
    public async Task InvokeAsync(HttpContext context, RequestDelegate next)
    {
        context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
        await next(context);
    }
}

Next register it in Program.cs

PreviousContent Content Security Policy (CSP)NextCross-site scripting Protection (X-XSS-Protection header)

Last updated

Was this helpful?