The Content-Type representation header is used to indicate the original media type of the resource (prior to any content encoding applied for sending).
In responses, a Content-Type header provides the client with the actual content type of the returned content. This header's value may be ignored, for example when browsers perform MIME sniffing; set the X-Content-Type-Options header value to nosniff to prevent this behavior.
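The following is an added example, not part of the original page: a small Node.js audit that checks whether a response declares a parseable Content-Type and pairs it with X-Content-Type-Options: nosniff. The function names and sample responses are constructed for illustration, and the first-value rule for nosniff follows the Fetch standard's parsing of that header.

```javascript
// Added example: audit response headers for the Content-Type / nosniff pairing.
// Function names and sample responses are constructed for illustration.

// Header names are case-insensitive, so compare in lowercase.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]);
}

// Split "type/subtype; param=value" into the media type and its parameters.
// Simplified: assumes no ";" inside a quoted parameter value.
function parseContentType(value) {
  const [essence, ...rest] = value.split(";").map((part) => part.trim());
  if (!/^[^\s\/]+\/[^\s\/]+$/.test(essence)) return null;
  const params = {};
  for (const part of rest) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue; // skip empty or nameless parameters
    const name = part.slice(0, eq).trim().toLowerCase();
    params[name] = part.slice(eq + 1).trim().replace(/^"|"$/g, "");
  }
  return { mediaType: essence.toLowerCase(), params };
}

// Only the first comma-separated value is compared, case-insensitively.
function hasNosniff(headers) {
  const value = getHeader(headers, "X-Content-Type-Options");
  if (value === null) return false;
  return value.split(",")[0].trim().toLowerCase() === "nosniff";
}

// Return a list of findings; an empty list means both headers are in order.
function auditResponse(headers) {
  const findings = [];
  const raw = getHeader(headers, "Content-Type");
  if (raw === null) findings.push("missing Content-Type");
  else if (parseContentType(raw) === null) findings.push("malformed Content-Type");
  if (!hasNosniff(headers)) findings.push("missing X-Content-Type-Options: nosniff");
  return findings;
}

// Constructed sample responses.
const samples = [
  { "Content-Type": "text/html; charset=utf-8", "X-Content-Type-Options": "nosniff" },
  { "content-type": "application/json" },
  { "Content-Type": "plain", "X-Content-Type-Options": "sniff, nosniff" },
];
for (const h of samples) console.log(JSON.stringify(h), "->", auditResponse(h));
```
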
| Header type | Representation header |
| Forbidden header name | no |
| CORS-safelisted response header | yes |
| CORS-safelisted request header | yes, with the additional restriction that values can't contain a CORS-unsafe request header byte: 0x00-0x1F (except 0x09 (HT)), |
It also needs to have a MIME type of its parsed value (ignoring parameters) of either