Add examples for X-Content-Type-Options header #1844

Draft
wants to merge 1 commit into
base: main
@hooiv hooiv commented Jul 27, 2025

Add examples for X-Content-Type-Options header

This is an editorial change that adds comprehensive examples to clarify the behavior of the X-Content-Type-Options: nosniff directive, addressing issue #636.

The examples illustrate when responses are blocked vs allowed, helping web developers and implementers understand the algorithm's behavior without changing any normative requirements.

Fixes #636


Add examples for X-Content-Type-Options header

Addresses issue whatwg#636 by adding comprehensive examples to the
'Should response to request be blocked due to nosniff?' algorithm.

The examples clarify:
- When responses are blocked (MIME type mismatch, missing Content-Type)
- When responses are allowed (correct MIME type, no X-Content-Type-Options header)
- Different request destinations (script, style, image)

This should help web developers and implementers understand the exact
behavior of the X-Content-Type-Options: nosniff directive.
Successfully merging this pull request may close these issues.

Add example(s) for X-Content-Type-Options