Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The script and styleSheet elements will reject responses with incorrect MIME types if the server sends the response header "X-Content-Type-Options: nosniff". This is a security feature that helps prevent attacks based on MIME-type confusion.
This change impacts the browser's behavior when the server sends the "X-Content-Type-Options: nosniff" header on its responses.
If the "nosniff" directive is received on a response received by a styleSheet reference, Windows Internet Explorer will not load the "stylesheet" file unless the MIME type matches "text/css".
If the "nosniff" directive is received on a response retrieved by a script reference, Internet Explorer will not load the "script" file unless the MIME type matches one of the following values:
- "application/ecmascript"
- "application/javascript"
- "application/x-javascript"
- "text/ecmascript"
- "text/javascript"
- "text/jscript"
- "text/x-javascript"
- "text/vbs"
- "text/vbscript"
When such content is blocked, the F12 developer tools show the following message:
SEC7112: Script from http://www.debugtheweb.com/test/mime/textplainnosniff.asp was blocked due to mime type mismatch script.asp
Ensure that in any response received with the "nosniff" directive has a MIME type that matches one of the values listed previously.
If you find any sites that are sending improper MIME types and behave incorrectly in Internet Explorer, please file a bug on Connect.