MIME Sniffing Test
Check whether a site prevents browsers from unsafe content types.
Powered by Geekflare Website Load Time API
What Is a MIME Sniffing Test?
Geekflare MIME Sniffing Test checks whether a page sends X-Content-Type-Options: nosniff. This response header tells browsers not to guess a file type when the declared Content-Type is ambiguous or incorrect.
What the Tool Checks
| Check | Why It Matters |
|---|---|
| X-Content-Type-Options | The target security header. The recommended value is nosniff. |
| Content-Type | Shows the declared response type, which should still be accurate. |
| Response headers | Lists all returned headers so you can verify related CDN or server configuration. |
How to Read the Results
If the result is Passed, the page returned X-Content-Type-Options: nosniff.
If the header is missing, add it at the web server, CDN, or application layer. If the header exists with another value, update it to nosniff.
Use nosniff alongside correct Content-Type headers. It is a browser safety control, not a replacement for accurate MIME types.
Frequently Asked Questions
MIME sniffing is when a browser guesses a response type instead of strictly following the declared Content-Type. That can become risky when user-controlled files or mislabeled responses are interpreted as executable content.
The valid and recommended value is nosniff. This tool flags the header as needing review if it is present with another value.
No. Keep accurate Content-Type headers and add X-Content-Type-Options: nosniff so browsers avoid unsafe content-type guessing.