diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index d6f4f4062..bafa970da 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -122,6 +122,7 @@ class FreshRSS extends Minz_FrontController {
 				header("Content-Security-Policy: default-src 'self'");
 				break;
 		}
+		header("X-Content-Type-Options: nosniff");
 	}
 
 	private function loadNotifications() {