diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py
index c5fd8be58..cac040f06 100755
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@@ -82,6 +82,7 @@ class AuthenticatedHandler(web.RequestHandler):
 
     def set_default_headers(self):
         headers = {}
+        headers["X-Content-Type-Options"] = "nosniff"
         headers.update(self.settings.get('headers', {}))
 
         headers["Content-Security-Policy"] = self.content_security_policy