Add directive similar to `X-Content-Type-Options: nosniff`?

[valtlai]

Should CSP have a directive similar to X-Content-Type-Options: nosniff (as it does for X-Frame-Options)? Maybe something like no-type-sniffing.

[jonathanKingston]

Is there any stats on how often mime sniffing happens? I'm guessing it is still pretty common.

[martinzhou2015]

This idea is good! Issues caused by MIME sniffing still exist. Adding 'no-type-sniffing' enables the developer to cut an extra field in HTTP headers.