Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Add the following to your theme's functions.php file or a custom plugin:

    add_action('send_headers', function() {
        header('X-Content-Type-Options: nosniff');
    });

  2. Alternatively, if using Apache, add to the .htaccess file in the WordPress root:

    <IfModule mod_headers.c>
        Header always set X-Content-Type-Options "nosniff"
    </IfModule>
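
To confirm that either step took effect, the response headers can be checked from a shell. The script below is an added example, not part of the original remediation text; `check_nosniff`, the `sample_*` functions and the responses they print are constructed for illustration. It judges only the final response after any redirects and accepts the header only when its first comma-separated value is `nosniff`.

```shell
#!/bin/sh
# Added example. Reads raw response headers on stdin and reports whether
# X-Content-Type-Options is effectively "nosniff" on the final response.
# Real use: curl -sIL https://your-site.example/ | check_nosniff
check_nosniff() {
    awk '
        { sub(/\r$/, "") }                           # tolerate CRLF line endings
        /^HTTP\// { seen = 0; first = ""; next }     # new hop after a redirect: start over
        {
            i = index($0, ":")
            if (i == 0) next
            if (tolower(substr($0, 1, i - 1)) != "x-content-type-options") next
            if (++seen > 1) next                     # judge the first occurrence only
            split(substr($0, i + 1), parts, ",")     # first item of a comma list
            first = tolower(parts[1])
            gsub(/^[ \t]+|[ \t]+$/, "", first)
        }
        END {
            if (seen == 0)          { print "MISSING"; exit 1 }
            if (first != "nosniff") { print "INVALID: " first; exit 1 }
            print "OK"
        }
    '
}

# Constructed sample responses (not captured from a real site).
sample_fixed() {      # redirect hop without the header, final page with it
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://site.example/\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nx-content-type-options: NoSniff\r\n\r\n'
}
sample_unfixed() {    # header on the redirect only, final response lacks it
    printf 'HTTP/1.1 301 Moved Permanently\r\nX-Content-Type-Options: nosniff\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n'
}
sample_quoted() {     # stray quotes ended up inside the header value
    printf 'HTTP/1.1 200 OK\r\nX-Content-Type-Options: "nosniff"\r\n\r\n'
}

sample_fixed   | check_nosniff            # OK
sample_unfixed | check_nosniff || true    # MISSING
sample_quoted  | check_nosniff || true    # INVALID: "nosniff"
```

Run the check against a page rendered by WordPress and against a directly served file such as an uploaded image, since the two can be answered by different layers of the stack.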