Most popular variants of the header value (we only show this when there's just a bunch of variants):

A non-standard but widely accepted header introduced originally by Microsoft to disable "content sniffing" or heuristic content type discovery in absence or mismatch of a proper HTTP Content-Type declaration, which led to a number of web attacks. In general, presence of the header with its only defined value of nosniff is considered as part of a properly secured HTTP response.


We have seen 14239 websites setting the X-Content-Type-Options HTTP header and 27 unique values of this header.