Here you will see various methods to find out whether your website has the X-Content-Type-Options header enabled. X-Content-Type-Options is an HTTP security response header that prevents MIME-type sniffing. MIME-type sniffing is browser behaviour in which the browser inspects the content of a response and guesses its type instead of trusting the declared Content-Type; it is a security weakness because a file can end up being handled as a different type than the website intended, which lets others misuse the website's content or resources. Sent with the value nosniff, the X-Content-Type-Options header tells the browser to keep to the declared MIME (Multipurpose Internet Mail Extensions) type. So, in this article, I will explain some simple ways to check whether X-Content-Type-Options is enabled in the HTTP response headers of your website.
You can check the status of the X-Content-Type-Options header through many free websites. You browse to one of these websites and enter the URL of the website you want to check. It then processes the website automatically and shows you whether this security header is enabled or not. The best part about these websites is that they not only show the status of X-Content-Type-Options, but some of them also show other headers including CSP, HPKP, X-Frame-Options, HSTS, etc.
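The check these websites perform can also be reproduced locally. The following Python code is an added example, not code from any of the services described in this article; the function names check_nosniff and fetch_headers and the sample responses are constructed for illustration. It goes one step further than a present/absent check and validates the value, following the browser rule that the first comma-separated value must be nosniff.

```python
import urllib.request

# Constructed sample response headers (not captured from real websites).
SAMPLES = {
    "good": [("Content-Type", "text/html"), ("X-Content-Type-Options", "nosniff")],
    "mixed_case": [("x-content-type-options", "NoSniff")],
    "missing": [("Content-Type", "text/html")],
    "wrong_value": [("X-Content-Type-Options", "none")],
    "duplicate": [("X-Content-Type-Options", "nosniff"),
                  ("X-Content-Type-Options", "nosniff")],
}

def check_nosniff(headers):
    """Classify X-Content-Type-Options in a list of (name, value) pairs.

    Returns (status, detail); status is "enabled", "missing" or "invalid".
    """
    # Header names are case-insensitive, and a server may send the header twice.
    values = [v for name, v in headers if name.lower() == "x-content-type-options"]
    if not values:
        return "missing", "header not sent by the server"
    # Repeated headers are combined with commas; browsers honour the header
    # only when the first comma-separated value is "nosniff" (any letter case).
    tokens = [t.strip() for t in ",".join(values).split(",")]
    if tokens[0].lower() != "nosniff":
        return "invalid", f"first value is {tokens[0]!r}, expected 'nosniff'"
    if len(tokens) > 1:
        return "enabled", "nosniff, with extra values: " + ", ".join(tokens[1:])
    return "enabled", "nosniff"

def fetch_headers(url, timeout=10):
    """Send a HEAD request to url and return the response headers as pairs."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return list(resp.headers.items())

if __name__ == "__main__":
    # Offline run over the constructed samples; for a live website call
    # check_nosniff(fetch_headers("https://your-site.example/")) instead.
    for label, hdrs in SAMPLES.items():
        print(label, check_nosniff(hdrs))
```

A result of "invalid" or a detail that lists extra values usually points to a typo or to the header being set in two places, for example by both the application and a reverse proxy.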
SecurityHeaders:
SecurityHeaders is a free service for finding out whether your website has the X-Content-Type-Options header enabled. You just visit this website and type the website URL. It then analyzes the website automatically and displays the status of the X-Content-Type-Options header. Apart from that, it can also show whether other security headers like X-Frame-Options, Referrer-Policy, CSP, and more are enabled or not.
To view the X-Content-Type-Options header status, follow the steps below.
Step 1: To start, simply visit the SecurityHeaders website. At the top, you will see a blank bar where you need to type the URL of the website you want to check for the X-Content-Type-Options header.
Step 2: After that, click the Scan button and it will start processing the website. Once the analysis is complete, it will automatically show the status of the X-Content-Type-Options header. If the header is enabled on your website, it will be highlighted in green, and if not, in red.
Header Security Test:
Header Security Test can help you check if the X-Content-Type-Options header is enabled on your website. This website is simple to use and you can see the header status just by entering the target website URL. In addition to the X-Content-Type-Options header, it will also display the status of X-XSS-Protection, HPKP, CSP, HSTS, etc.
Let us go through the required steps to check X-Content-Type-Options.
Step 1: After you open this website, you need to select the Header Security Test button at the top. When you do that, a text input bar will appear in which you can type the URL of the website for checking the header security status.
Step 2: After you enter the URL, click the Test Now button at the bottom. As soon as you do that, it will analyze the URL and find the status of the X-Content-Type-Options header on the website. You will see a green tick if the header is available and a red cross if it is not.
HTTP Security Report:
HTTP Security Report is also a free and useful website that lets you easily check your website for the X-Content-Type-Options header. You just enter your website URL and it will instantly show you whether the header is available. You can even see whether other headers like HPKP, SSL/TLS, CSP, HSTS, and more are available on the website.
Follow the steps below to check the X-Content-Type-Options header.
Step 1: The first thing you need to do is navigate to the HTTP Security Report website and enter the target website link in the search field. Then hit the Analyze button visible on the right.
Step 2: After that, it will analyze your website and automatically show you the status of the X-Content-Type-Options header. It will simply display a tick or cross to imply the availability status of the security header.
Web Server Security Test:
Web Server Security Test can also be used to check if your website has the X-Content-Type-Options header enabled or not. It lets you type your website URL and then shows whether the header is available in the HTTP response. You can even see the status of other security headers including SSL/TLS, X-XSS-Protection, CSP, etc.
Step 1: When you browse this website, you will see a search field at the top of the screen. In the search field, enter the link for your website and click Play.
Step 2: After that, it will process the website and display the status of various security headers. Among them, you will find the X-Content-Type-Options header and its availability status on your website. If it says that the header was not sent by the server, then the header is not enabled on your website.
So, these are the best websites to find out whether your website has X-Content-Type-Options enabled or not. By checking, you can make sure that the MIME types on your website are protected from sniffing. Personally, I like all these websites as they efficiently do what they are supposed to.
Try these websites and let me know in the comments if you were able to check the header on your website.