Headers

X-Download-Options

Instruct Internet Explorer to not open a downloaded file directly.

The X-Download-Options HTTP header has only one option: X-Download-Options: noopen. This is for Internet Explorer from version 8 on to instruct the browser not to open a download directly in the browser but instead to provide only the Save option. The user has to first save it and then open it in an application.

Read more about this header here.

Usage

This header is enabled by default but you can change its behavior like following.

export default defineNuxtConfig({
  // Global
  security: {
    headers: {
      xDownloadOptions: <OPTIONS>,
    },
  },

  // Per route
  routeRules: {
    '/custom-route': {
      security: {
        headers: {
          xDownloadOptions: <OPTIONS>,
        },
      },
    }
  }
})

You can also disable this header by xDownloadOptions: false.

Default value

By default, Nuxt Security will set the following value for this header.

X-Download-Options: noopen

Available values

The xDownloadOptions header can be configured with following values.

xDownloadOptions: 'noopen' | false;

noopen

When this directive is used, the user can still save and open the file, but this way the malicious code will be prevented from running on our website. Though it will run on the user’s file system.