How do I add X-Content-Type-Options: nosniff to files served by Fastly?

Comments

3 comments

  • codinghorror

    OK I found this

    https://docs.fastly.com/guides/tutorials/adding-or-modifying-headers-on-http-requests-and-responses

    And I think this is correct?

    Type: Response, Set Destination: http.X-Content-Type-Options Source: "nosniff"

    Anyway, the goal is to get this header set in responses:

    X-Content-Type-Options: nosniff
    
  • codinghorror

    Thanks! I can confirm that I now see the proper header via curl -I so this seems correct!

  • Cassandra Dixon

    Great!

    Just as a note when you check for the headers, you'll want to stay away from curl -I, as that's a Head request. On Head requests, we don't cluster, and when we don't cluster, the cache nodes act individually. As a result, you may see intermittent behavior. Instead, we recommend you use curl -svo /dev/null <url>.

Please sign in to leave a comment.