What it is
X-Content-Type-Options is a response header that tells the browser not to guess (sniff) a response's content type and to trust the declared Content-Type instead. Its only valid value is `nosniff`.
Why it matters
Without `nosniff`, a browser may interpret a file as a different type than you intended (for example treating an uploaded document as executable script), which opens the door to content-type confusion attacks. The single value removes that ambiguity, so a missing or mistyped header is an easy, worthwhile fix.
How WebGuard checks it
WebGuard reads your response headers and reports whether X-Content-Type-Options is present and whether its value is the only valid one, `nosniff`. It inspects headers your public site already returns, and nothing more.
A sensible starting configuration:
X-Content-Type-Options: nosniff