X-Content-Type-Options (XCTO)

The X-Content-Type-Options HTTP response header is a marker the server uses to indicate that the MIME types advertised in the Content-Type headers should be followed and not changed. It lets you opt out of MIME type sniffing by stating that the MIME types are deliberately configured.

Nosniff

X-Content-Type-Options: nosniff applies request blocking only for request destinations of “script” and “style”. However, it also enables Cross-Origin Read Blocking (CORB) protection for HTML, TXT, JSON and XML files (excluding SVG, image/svg+xml).

You can find more details on the CORB page.