X-Content-Type-Options
Enabled Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.
Usage
This header is enabled by default but you can change its behavior like following.
export default defineNuxtConfig({  // Global  security: {    headers: {      xContentTypeOptions: <OPTIONS>,    },  },  // Per route  routeRules: {    '/custom-route': {      security: {        headers: {          xContentTypeOptions: <OPTIONS>,        },      },    }  }})You can also disable this header by xContentTypeOptions: false.
Default value
By default, Nuxt Security will set following value for this header.
X-Content-Type-Options: nosniff
Available values
The xContentTypeOptions header can be configured with following values.
xContentTypeOptions: 'nosniff' | falsenosniff
Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type.