isklikas
commented
7 years ago Update: The reason behind this is fairly simple. This line prevents MIME-sniffing a response away from the declared content-type as the header instructs the browser not to override the response content type. With the nosniff option, if the server says the content is text/html, the browser will render it as text/html
maplesteve
Basically, I use nginx to forward homebridge-server (with HTTPS and username / password authentication), so that I can have remote access, as my setup is a headless Ubuntu Server. However I found that when setting the "add_header X-Content-Type-Options nosniff;" header, the proxy pass, now returns the page as raw HTML. Commenting out this line fixes this issue, but since I also happen to host a Wordpress on my server (on a different domain of course), this line is very important to me...