diff --git a/app/cors/server/cors.js b/app/cors/server/cors.js
index 9c6d8eb31803..1022c1edcb87 100644
--- a/app/cors/server/cors.js
+++ b/app/cors/server/cors.js
@@ -54,6 +54,9 @@ WebApp.rawConnectHandlers.use(function(req, res, next) {
 	// XSS Protection for old browsers (IE)
 	res.setHeader('X-XSS-Protection', '1');
 
+	// X-Content-Type-Options header to prevent MIME Sniffing
+	res.setHeader('X-Content-Type-Options', 'nosniff');
+
 	if (settings.get('Iframe_Restrict_Access')) {
 		res.setHeader('X-Frame-Options', settings.get('Iframe_X_Frame_Options'));
 	}
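Review bot: The new `X-Content-Type-Options: nosniff` header makes browsers refuse to execute a script or apply a stylesheet whose `Content-Type` is not the proper JavaScript/CSS type, so any response passing through this connect handler that serves such an asset with a missing or generic type (for example `application/octet-stream`) will stop working silently instead of being sniffed. It is worth verifying that every route behind this handler sets an accurate `Content-Type` before this lands, and the comment should say why that matters: `// nosniff: browsers reject scripts/styles served with a wrong Content-Type, so every route must set it accurately`. Setting the header unconditionally, unlike the settings-gated `X-Frame-Options` block just below it, looks right here since there is no legitimate case for letting clients sniff. The enclosing `WebApp.rawConnectHandlers.use` callback starts at the hunk header and continues outside the hunk.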