diff --git a/pub/.htaccess b/pub/.htaccess
index 1b5d7e007000f..5f1ea8bb2f1c2 100644
--- a/pub/.htaccess
+++ b/pub/.htaccess
@@ -287,4 +287,7 @@ ErrorDocument 403 /errors/404.php
 
     ## Prevent clickjacking
     Header set X-Frame-Options SAMEORIGIN
+
+    ## Prevent MIME type sniffing
+    Header set X-Content-Type-Options "nosniff"
 </IfModule>