author: David Rothstein <drothstein@gmail.com>, 2015-10-03 15:13:35 -0400
committer: David Rothstein <drothstein@gmail.com>, 2015-10-03 15:13:35 -0400
commit: c9d188950508f104a8115ec7a78335607d9b6037
tree: 0a9c32d16f83baab39d252a5f69bf4bcf87dc725 /.htaccess
parent: 47d24ed171bcb4c6aca409ce8af0844a06520f5c
Issue #462950 by pwolanin, Pere Orga: Mitigate the security risks that come from IE, Chrome and other browsers trying to sniff the mime type
Diffstat (limited to '.htaccess')
-rw-r--r-- .htaccess 6
1 files changed, 6 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 7ccb6a2f6..151239c11 100644
--- a/.htaccess
+++ b/.htaccess
@@ -141,3 +141,9 @@ DirectoryIndex index.php index.html index.htm
</FilesMatch>
</IfModule>
</IfModule>
+
+# Add headers to all responses.
+<IfModule mod_headers.c>
+ # Disable content sniffing, since it's an attack vector.
+ Header always set X-Content-Type-Options nosniff
+</IfModule>
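Review bot: The `<IfModule mod_headers.c>` guard around `Header always set X-Content-Type-Options nosniff` means the header is silently omitted when mod_headers is not loaded, so a site can run without this mitigation and nothing indicates it. Consider saying so in the comment, for example "# Requires mod_headers; without it no nosniff header is sent.", or sending the same header from the application as well. The comment "since it's an attack vector" could also name the risk given in the commit message, browsers sniffing the MIME type, so a later reader knows the header only helps when responses carry a correct Content-Type.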