Protect `application/x-protobuffer` from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking. `application/x-protobuf` is already protected as a never sniffed mime type. `application/x-protobuffer` is another commonly used MIME type that is defined as an "ALT_CONTENT_TYPE" by the protobuf library. See the original Intent to Implement and Ship notice for CORB here:


Protecting this alternate protobuf MIME type via CORB will ensure that it cannot be attacked via speculative execution attacks.


Specification link

Specification being incubated in a Community Group

Status in Chromium


Enabled by default

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Positive
  • No signal
  • No signals


Last updated on 2022-01-14