X-Content-Type-Options HTTP response header has been supported since Firefox 50, and the
nosniff directive can be used to effectively block scripts and stylesheets served with a wrong MIME type.
Starting with Firefox 71, it will be applied to top-level documents as well, aiming at further improving the browser security. It means HTML web pages served with a MIME type other than
text/html will be downloaded instead of being rendered when the
X-Content-Type-Options header is utilized.
There are a couple of sites known to be affected by this change, including Microsoft Office 365, so make sure to double check your site.
Update: The change has been backed out from Firefox 71. Mozilla developers are planning to redo this in Firefox 72 with some tweaks.
Update 2: The change has been landed again to Firefox 72. To mitigate the compatibility risk, the MIME type sniffing will be enabled when
X-Content-Type-Options is set but no
Content-Type is provided.
Update 3: The empty
Content-Type workaround has been removed with Firefox 75.