The X-Content-Type-Options header tells browsers
to stop automatically detecting the contents of files.
This protects against attacks where they're tricked into
Simply set the header to "nosniff".
X-Content-Type-Optionsis a header supported by Internet Explorer, Chrome and Firefox 50+ that tells it not to load scripts and stylesheets unless the server indicates the correct MIME type. Without this header, these browsers can incorrectly detect files as scripts and stylesheets, leading to XSS attacks. As such, all sites must set the
X-Content-Type-Optionsheader and the appropriate MIME types for files that they serve.
In your Apache 2 VirtualHost simply add this line
Header always set X-Content-Type-Options: nosniff
Of course make sure you have the headers module enabled
Reload the config
systemctl reload apache2
That’s all there is to it!