I am using ASP.NET platform to create a web page. Inside the page i have used some images/icons. For security purpose i have used “X-Content-Type-Options: nosniff” in web.config file. When i deploy the web page in IE, some of the images/icons isn't rendered. But, the same page working fine in Firefox and Chrome.
When i remove the statement “X-Content-Type-Options: nosniff” from web.config everything is working fine in IE. But, for security purpose i must use that statement. At the same time the missing images/icons need to be rendered in IE.
So, can anyone help me how to fix the issue with the statement “X-Content-Type-Options: nosniff".
Thanks in advance,
The nosniff only applies to "script" and "style" types. Also applying nosniff to images turned out to be incompatible with existing web sites.
So "X-Content-Type-Options nosniff" would bypass the problem for images and here comes the browser role which fail to render the image if the type mentioned by the server is not matching the real file extension.
Refer to: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options.
and this: https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With