Additional headers can be added to your website to prevent some basic MIME type overrides. For example, on sites which allow users to upload content and media, a cleverly crafted JPEG image could be uploaded which contains PHP code.
While validation of the uploaded content is best handled by the application itself (e.g. WordPress), the X-Content-Type-Options header can still be added as an additional safeguard.
- Log into your Plesk or Conetix Control Panel.
- Confirm you have met all the prerequisites by going to the hosting settings and confirming the following:
  - SSL/TLS support under security is ticked
  - Permanent SEO-safe 301 redirect from HTTP to HTTPS is ticked
  - A valid certificate is selected
- Navigate to 'Apache & nginx Settings':
- Enter the following code into the Additional nginx directives:
add_header X-Content-Type-Options "nosniff" always;
Then click OK.
- You have now successfully added the X-Content-Type-Options header.
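
To confirm the directive took effect, the response headers can be checked from a shell. The following is an added example, not part of the original guide: the function name `check_nosniff` and the `example.com` URLs are placeholders, and the sample headers at the end are constructed.

```shell
#!/bin/sh
# Added example: verify X-Content-Type-Options in raw HTTP response headers.
# Live usage (example.com is a placeholder for your own site):
#   curl -sI https://example.com/             | check_nosniff
#   curl -sI https://example.com/no-such-page | check_nosniff
# The "always" parameter makes nginx send the header on error responses
# as well, so the second call (a 404) should pass too.

# Reads response headers on stdin. Prints a verdict and returns:
#   0 = header present with value "nosniff"
#   1 = header missing
#   2 = header present with any other value
check_nosniff() {
    # Strip CRs (HTTP uses CRLF), match the header name case-insensitively,
    # keep only the value(s), lowercase them and trim surrounding blanks.
    values=$(tr -d '\r' \
        | grep -i '^x-content-type-options:' \
        | cut -d: -f2- \
        | tr '[:upper:]' '[:lower:]' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')

    if [ -z "$values" ]; then
        echo "MISSING: X-Content-Type-Options not sent"
        return 1
    fi

    # Every occurrence must be exactly "nosniff"; the header can appear
    # twice when both the application and nginx add it.
    for v in $values; do
        if [ "$v" != "nosniff" ]; then
            echo "BAD VALUE: X-Content-Type-Options: $v"
            return 2
        fi
    done

    echo "OK: X-Content-Type-Options: nosniff"
    return 0
}

# Constructed sample response, so the script runs offline.
printf 'HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nX-Content-Type-Options: nosniff\r\n\r\n' \
    | check_nosniff
```

If the check reports the header as missing on some paths only, look for other `add_header` lines in a more specific nginx block: nginx inherits `add_header` directives from the outer level only when the current level defines none of its own.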