From 8bb912dbf2a8d2e0fa4abac657b8fb573b6c81bb Mon Sep 17 00:00:00 2001
From: Ashish-coder-gif <ashishdohare1116@gmail.com>
Date: Wed, 22 Oct 2025 16:27:37 +0530
Subject: [PATCH] docs: add example for X-Content-Type-Options header

---
 fetch.bs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/fetch.bs b/fetch.bs
index 8d19ae84d..ff7061f00 100755
--- a/fetch.bs
+++ b/fetch.bs
@@ -4202,6 +4202,23 @@ Content-Type:
 
 
 <h3 id=x-content-type-options-header>`<code>X-Content-Type-Options</code>` header</h3>
+<div class=example>
+  <p>Example: Using the <code>X-Content-Type-Options</code> header to prevent MIME type sniffing.</p>
+  <pre><code>HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+X-Content-Type-Options: nosniff
+
+&lt;!doctype html&gt;
+&lt;html&gt;
+  &lt;head&gt;&lt;title&gt;Secure Page&lt;/title&gt;&lt;/head&gt;
+  &lt;body&gt;
+    &lt;script src="data:text/plain,alert('This script will be blocked')">&lt;/script&gt;
+  &lt;/body&gt;
+&lt;/html&gt;
+</code></pre>
+  <p>This prevents browsers from interpreting resources as a different MIME type than declared, 
+  helping to mitigate certain types of cross-site scripting attacks.</p>
+</div>
 
 <p>The
 `<dfn export http-header id=http-x-content-type-options><code>X-Content-Type-Options</code></dfn>`