Minimum Security Configuration Guide Minimum Security Configuration Guide Configuring X-Content-Type-Options in IIS Configuring X-Content-Type-Options in IIS Open Internet Information Services (IIS) Manager. In the Connections pane, go to the site, application, or directory for which you want to set a custom HTTP header. In the Home pane, double-click HTTP Response Headers. In the HTTP Response Headers pane, in the Actions pane, click Add... In the Add Custom HTTP Response Header dialog box, set the Name to "X-Content-Type-Options" and the Value to "nosniff", then click OK. Parent topic: Minimum Security Configuration Guide