[13:25:27] <kghbln>	 Short question. My wiki set "X-Content-Type-Options nosniff" in the header, which is good. However, I have no clue where it comes from. I am not setting it via Apache. Is this some MediaWiki default for 1.39.x?
[13:29:35] <kghbln>	 I know there is  $wgBreakFrames for setting "X-Frame-Options: DENY" but I have not found an equivalent for X-Content-Type-Options
[13:32:30] <Lucas_WMDE>	 MediaWiki sets it by default in a few places (I don’t think there’s a setting for it)
[13:32:52] <Lucas_WMDE>	 there’s a bit of code in ResourceLoader, WebStart and the Installer, and also the images/.htaccess file
[13:34:03] <kghbln>	 Ah, yes, for images. Good! But also for Main Page? This is puzzling me a bit.
[13:34:49] <Lucas_WMDE>	 looks like WebStart.php applies to all web entry points
[13:34:54] <Lucas_WMDE>	 so it would be set basically everywhere
[13:35:23] <kghbln>	 Your response made me do a code search: https://codesearch.wmcloud.org/search/?q=X-Content-Type-Options&files=&excludeFiles=&repos=#MediaWiki%20core
[13:36:04] <kghbln>	 This confirms your information!
[13:36:09] <kghbln>	 Cool. Good to know.
[13:36:18] <kghbln>	 Thanks a bunch!