diff --git a/pkgs/server/api-ctx.ts b/pkgs/server/api-ctx.ts
index 4461ca9..dfc8d1f 100644
--- a/pkgs/server/api-ctx.ts
+++ b/pkgs/server/api-ctx.ts
@@ -139,6 +139,7 @@ export const createResponse = (
     "max-age=31536000; includeSubDomains; preload"
   );
 
+  res.headers.append("X-Content-Type-Options", "nosniff");
   res.headers.append("X-Frame-Options", "SAMEORIGIN");
 
   return res;