diff --git a/htdocs/lib/file.php b/htdocs/lib/file.php
index 846b24b553f49968aa8927e4b2b3e5c823acfb85..cfdd44d6bd41bb6ac8a1e45c5300055e1be1ad81 100644
--- a/htdocs/lib/file.php
+++ b/htdocs/lib/file.php
@@ -89,6 +89,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
     else {
         header('Content-Disposition: inline; filename="' . $filename . '"');
     }
+    header('X-Content-Type-Options: nosniff');
 
     if ($options['lifetime'] > 0 && !get_config('nocache')) {
         header('Cache-Control: max-age=' . $options['lifetime']);