author | David Rothstein <drothstein@gmail.com> | 2015-10-03 15:13:35 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-10-03 15:13:35 -0400 |
commit | c9d188950508f104a8115ec7a78335607d9b6037 (patch) | |
tree | 0a9c32d16f83baab39d252a5f69bf4bcf87dc725 /.htaccess | |
parent | 47d24ed171bcb4c6aca409ce8af0844a06520f5c (diff) | |
Issue #462950 by pwolanin, Pere Orga: Mitigate the security risks that come from IE, Chrome and other browsers trying to sniff the mime type
Diffstat (limited to '.htaccess')
-rw-r--r-- | .htaccess | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -141,3 +141,9 @@ DirectoryIndex index.php index.html index.htm </FilesMatch> </IfModule> </IfModule> + +# Add headers to all responses. +<IfModule mod_headers.c> + # Disable content sniffing, since it's an attack vector. + Header always set X-Content-Type-Options nosniff +</IfModule> |
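Review bot: the `<IfModule mod_headers.c>` guard around `Header always set X-Content-Type-Options nosniff` means the header is silently dropped on any host where mod_headers is not loaded, so the mitigation can be absent with no error and no hint to the administrator. Either say so in the comment above the block (for example, that mod_headers must be enabled for this protection to take effect) or send the same header from the application as a fallback, which would also cover servers that do not read .htaccess. The inner comment "since it's an attack vector" would be more useful if it named the risk the commit message describes, browsers sniffing the MIME type and treating a response as a different content type than the one declared. Using `always` is the right choice here because it also applies the header to error responses.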