X-Content-Type-Options
######################

Syntax::

    X-Content-Type-Options: nosniff


Directives::

    nosniff:
    Blocks a request if the request destination is
      1. of type style and the MIME type is not text/css, 
      2. of type script and the MIME type is not a JavaScript MIME type

.. note:: 相当于一个提示标志，被服务器用来提示客户端一定要遵循在 Content-Type 首部中对  MIME 类型 的设定，而不能对其进行修改。这就禁用了客户端的 MIME 类型嗅探行为






参考
====


* https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/X-Content-Type-Options