diff --git a/packages/backend/src/server/file/send-drive-file.ts b/packages/backend/src/server/file/send-drive-file.ts
index 087736902..2482f0ce6 100644
--- a/packages/backend/src/server/file/send-drive-file.ts
+++ b/packages/backend/src/server/file/send-drive-file.ts
@@ -49,6 +49,8 @@ export default async function (ctx: Koa.Context) {
 		return;
 	}
 
+	ctx.set("X-Content-Type-Options", "nosniff");
+
 	const isThumbnail = file.thumbnailAccessKey === key;
 	const isWebpublic = file.webpublicAccessKey === key;