The X-Content-Type-Options header is a marker used by the server to indicate that the media types advertised by the Content-Type headers should not be changed, but followed.
The X-Content-Type-Options header can be configured in the Web.config file, under the i4connected API folder, as follows: "X-Content-Type-Options" value= "nosniff"
![X_Content_Tupe_Options.jpg](image/16697afacc99ec.jpg)
The X-Content-Type-Options header
The nosniff parameter includes the following specifications:
Blocks a request if the request destination is of type:
"style" and the media type is not text / css, or
"script" and the media type is not a JavaScript MIME type.
Enables Cross-Origin Read Blocking protection for the media types:
text/html
text/plain
text/json, application/json or any other type with a JSON extension: */*+json
text/xml, application/xml or any other type with an XML extension: */*+xml (excluding image/svg+xml)