diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/zh_tw.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/zh_tw.xml
index cdcf095aae..b1997a1c0a 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/zh_tw.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/zh_tw.xml
@@ -1283,7 +1283,7 @@
     <key alias="xmlDataIntegrityCheckMedia">媒體 - 所有XML：%0%，總共發佈：%1%，不合格：%2%</key>
     <key alias="xmlDataIntegrityCheckContent">內容 - 所有XML：%0%，總共發佈：%1%，不合格：%2%</key>
     <key alias="httpsCheckInvalidCertificate">憑證驗證錯誤：%0%</key>
-    <key alias="httpsCheckInvalidUrl">網址探查錯誤：%0% - '%1%'</key>
+    <key alias="healthCheckInvalidUrl">網址探查錯誤：%0% - '%1%'</key>
     <key alias="httpsCheckIsCurrentSchemeHttps">您目前使用HTTPS瀏覽本站：%0%</key>
     <key alias="httpsCheckConfigurationRectifyNotPossible">在您的web.config檔案中，appSetting的umbracoUseSSL是設為false。當您開始使用HTTPS時，應將其改為 true。</key>
     <key alias="httpsCheckConfigurationCheckResult">在您的web.config檔案中，appSetting的umbracoUseSSL是設為 %0%，您的cookies %0% 標成安全。</key>
@@ -1316,10 +1316,10 @@
     <key alias="optionalFilePermissionFailed"><![CDATA[以下檔案必須擁有寫入權限好讓系統可以正常運作，但無法連接：<strong>%0%</strong>。如果無須寫入，不需採取行動。]]></key>
     <key alias="clickJackingCheckHeaderFound"><![CDATA[標頭或meta-tag的 <strong>X-Frame-Options</strong> 設定能控制網站是否可以被其他人IFRAMEd已找到。]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[標頭或meta-tag的 <strong>X-Frame-Options</strong> 設定能控制網站是否可以被其他人IFRAMEd沒有找到。]]></key>
-    <key alias="clickJackingSetHeaderInConfig">調整設定的標頭</key>
+    <key alias="setHeaderInConfig">調整設定的標頭</key>
     <key alias="clickJackingSetHeaderInConfigDescription">在 web.config 的 httpProtocol/customHeaders 區域增加設定來防止本站被別的網站IFRAMEd。</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">在 web.config 的 httpProtocol/customHeaders 區域已經增加設定來防止本站被別的網站IFRAMEd。</key>
-    <key alias="clickJackingSetHeaderInConfigError">無法更新web.config檔案，錯誤：%0%</key>
+    <key alias="setHeaderInConfigError">無法更新web.config檔案，錯誤：%0%</key>
     <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
   	-->
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml
index 0137e5d0e0..e16e3108f1 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml
@@ -2060,7 +2060,7 @@ To manage your website, simply open the Umbraco back office and start adding con
         <key alias="httpsCheckInvalidCertificate">Certificate validation error: '%0%'</key>
         <key alias="httpsCheckExpiredCertificate">Your website's SSL certificate has expired.</key>
         <key alias="httpsCheckExpiringCertificate">Your website's SSL certificate is expiring in %0% days.</key>
-        <key alias="httpsCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
+        <key alias="healthCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
         <key alias="httpsCheckIsCurrentSchemeHttps">You are currently %0% viewing the site using the HTTPS scheme.</key>
         <key alias="httpsCheckConfigurationRectifyNotPossible">The appSetting 'umbracoUseSSL' is set to 'false' in your web.config file. Once you access this site using the HTTPS scheme, that should be set to 'true'.</key>
         <key alias="httpsCheckConfigurationCheckResult">The appSetting 'umbracoUseSSL' is set to '%0%' in your web.config file, your cookies are %1% marked as secure.</key>
@@ -2100,11 +2100,16 @@ To manage your website, simply open the Umbraco back office and start adding con
 
         <key alias="clickJackingCheckHeaderFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was found.]]></key>
         <key alias="clickJackingCheckHeaderNotFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was not found.]]></key>
-        <key alias="clickJackingSetHeaderInConfig">Set Header in Config</key>
+        <key alias="setHeaderInConfig">Set Header in Config</key>
         <key alias="clickJackingSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to prevent the site being IFRAMEd by other websites.</key>
         <key alias="clickJackingSetHeaderInConfigSuccess">A setting to create a header preventing IFRAMEing of the site by other websites has been added to your web.config file.</key>
-        <key alias="clickJackingSetHeaderInConfigError">Could not update web.config file. Error: %0%</key>
+        <key alias="setHeaderInConfigError">Could not update web.config file. Error: %0%</key>
 
+        <key alias="noSniffCheckHeaderFound"><![CDATA[The header or meta-tag <strong>X-Content-Type-Options</strong> used to protect against MIME sniffing vulnerabilities was found.]]></key>
+        <key alias="noSniffCheckHeaderNotFound"><![CDATA[The header or meta-tag <strong>X-Content-Type-Options</strong> used to protect against MIME sniffing vulnerabilities was not found.]]></key>
+        <key alias="noSniffSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to protect against MIME sniffing vulnerabilities.</key>
+        <key alias="noSniffSetHeaderInConfigSuccess">A setting to create a header protecting against MIME sniffing vulnerabilities has been added to your web.config file.</key>
+        	
         <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
   	-->
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
index 1ff807b79b..3632b8162a 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
@@ -2051,7 +2051,7 @@ To manage your website, simply open the Umbraco back office and start adding con
         <key alias="httpsCheckInvalidCertificate">Certificate validation error: '%0%'</key>
         <key alias="httpsCheckExpiredCertificate">Your website's SSL certificate has expired.</key>
         <key alias="httpsCheckExpiringCertificate">Your website's SSL certificate is expiring in %0% days.</key>
-        <key alias="httpsCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
+        <key alias="healthCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
         <key alias="httpsCheckIsCurrentSchemeHttps">You are currently %0% viewing the site using the HTTPS scheme.</key>
         <key alias="httpsCheckConfigurationRectifyNotPossible">The appSetting 'umbracoUseSSL' is set to 'false' in your web.config file. Once you access this site using the HTTPS scheme, that should be set to 'true'.</key>
         <key alias="httpsCheckConfigurationCheckResult">The appSetting 'umbracoUseSSL' is set to '%0%' in your web.config file, your cookies are %1% marked as secure.</key>
@@ -2091,11 +2091,16 @@ To manage your website, simply open the Umbraco back office and start adding con
 
         <key alias="clickJackingCheckHeaderFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was found.]]></key>
         <key alias="clickJackingCheckHeaderNotFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was not found.]]></key>
-        <key alias="clickJackingSetHeaderInConfig">Set Header in Config</key>
+        <key alias="setHeaderInConfig">Set Header in Config</key>
         <key alias="clickJackingSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to prevent the site being IFRAMEd by other websites.</key>
         <key alias="clickJackingSetHeaderInConfigSuccess">A setting to create a header preventing IFRAMEing of the site by other websites has been added to your web.config file.</key>
-        <key alias="clickJackingSetHeaderInConfigError">Could not update web.config file. Error: %0%</key>
+        <key alias="setHeaderInConfigError">Could not update web.config file. Error: %0%</key>
 
+        <key alias="noSniffCheckHeaderFound"><![CDATA[The header or meta-tag <strong>X-Content-Type-Options</strong> used to protect against MIME sniffing vulnerabilities was found.]]></key>
+        <key alias="noSniffCheckHeaderNotFound"><![CDATA[The header or meta-tag <strong>X-Content-Type-Options</strong> used to protect against MIME sniffing vulnerabilities was not found.]]></key>
+        <key alias="noSniffSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to protect against MIME sniffing vulnerabilities.</key>
+        <key alias="noSniffSetHeaderInConfigSuccess">A setting to create a header protecting against MIME sniffing vulnerabilities has been added to your web.config file.</key>
+        			
         <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
   	-->
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/es.xml b/src/Umbraco.Web.UI/umbraco/config/lang/es.xml
index 7251932a92..cf44e6e955 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/es.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/es.xml
@@ -1798,7 +1798,7 @@
         <key alias="httpsCheckInvalidCertificate">Error validando certificado: '%0%'</key>
         <key alias="httpsCheckExpiredCertificate">El ceriticado SSL de tu sitio ha caducado.</key>
         <key alias="httpsCheckExpiringCertificate">El ceriticado SSL de tu sitio caducará en %0% días.</key>
-        <key alias="httpsCheckInvalidUrl">Error pinging la URL %0% - '%1%'</key>
+        <key alias="healthCheckInvalidUrl">Error pinging la URL %0% - '%1%'</key>
         <key alias="httpsCheckIsCurrentSchemeHttps">Actualmente estás %0% viendo el sitio usando el esquema HTTPS.</key>
         <key alias="httpsCheckConfigurationRectifyNotPossible">El appSetting 'umbracoUseSSL' está configurado como 'false' en tu archivo web.config. Una vez que accedes al sitio usando HTTPS, debería ser configuraio como 'true'.</key>
         <key alias="httpsCheckConfigurationCheckResult">Ele appSetting 'umbracoUseSSL' está configurado como '%0%' en tu archivo your web.config, tus cookies son %1% marcadas como seguras.</key>
@@ -1838,10 +1838,10 @@
 
         <key alias="clickJackingCheckHeaderFound"><![CDATA[El header or meta-tag <strong>X-Frame-Options</strong> usado para controlar si un sitio puede ser IFRAMEd por otra fue encontrado.]]></key>
         <key alias="clickJackingCheckHeaderNotFound"><![CDATA[El header or meta-tag <strong>X-Frame-Options</strong> usado para controlar si un sitio puede ser IFRAMEd por otra no se ha encontrado.]]></key>
-        <key alias="clickJackingSetHeaderInConfig">Establecer Header en Config</key>
+        <key alias="setHeaderInConfig">Establecer Header en Config</key>
         <key alias="clickJackingSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to prevent the site being IFRAMEd by other websites.</key>
         <key alias="clickJackingSetHeaderInConfigSuccess">A setting to create a header preventing IFRAMEing of the site by other websites has been added to your web.config file.</key>
-        <key alias="clickJackingSetHeaderInConfigError">Could not update web.config file. Error: %0%</key>
+        <key alias="setHeaderInConfigError">Could not update web.config file. Error: %0%</key>
 
         <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/fr.xml b/src/Umbraco.Web.UI/umbraco/config/lang/fr.xml
index 250a9d680d..d721a8fc8b 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/fr.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/fr.xml
@@ -1543,7 +1543,7 @@ Pour gérer votre site, ouvrez simplement le backoffice Umbraco et commencez à
 
 	<key alias="httpsCheckValidCertificate">Le certificat de votre site a été marqué comme valide.</key>
     <key alias="httpsCheckInvalidCertificate">Erreur de validation du certificat : '%0%'</key>
-    <key alias="httpsCheckInvalidUrl">Erreur en essayant de contacter l'URL %0% - '%1%'</key>
+    <key alias="healthCheckInvalidUrl">Erreur en essayant de contacter l'URL %0% - '%1%'</key>
     <key alias="httpsCheckIsCurrentSchemeHttps">Vous êtes actuellement %0% à voir le site via le schéma HTTPS.</key>
     <key alias="httpsCheckConfigurationRectifyNotPossible">La valeur appSetting 'umbracoUseSSL' est fixée à 'false' dans votre fichier web.config. Une fois que vous donnerez accès à ce site en utilisant le schéma HTTPS, cette valeur devra être mise à 'true'.</key>
     <key alias="httpsCheckConfigurationCheckResult">La valeur appSetting 'umbracoUseSSL' est fixée à '%0%' dans votre fichier web.config, vos cookies sont %1% marqués comme étant sécurisés.</key>
@@ -1583,10 +1583,10 @@ Pour gérer votre site, ouvrez simplement le backoffice Umbraco et commencez à
 
     <key alias="clickJackingCheckHeaderFound"><![CDATA[Le header ou meta-tag <strong>X-Frame-Options</strong>, utilisé pour contrôler si un site peut être intégré dans un autre via IFRAME, a été trouvé.]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[Le header ou meta-tag <strong>X-Frame-Options</strong> , utilisé pour contrôler si un site peut être intégré dans un autre via IFRAME, n'a pas été trouvé.]]></key>
-    <key alias="clickJackingSetHeaderInConfig">Configurez le Header dans le fichier Config</key>
+    <key alias="setHeaderInConfig">Configurez le Header dans le fichier Config</key>
     <key alias="clickJackingSetHeaderInConfigDescription">Ajoute une valeur dans la section httpProtocol/customHeaders du fichier web.config afin d'éviter que le site ne soit intégré dans d'autres sites via IFRAME.</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">Une configuration générant un header qui empêche l'intégration du site par d'autres sites via IFRAME a été ajoutée à votre fichier web.config.</key>
-    <key alias="clickJackingSetHeaderInConfigError">Impossible de modifier le fichier web.config. Erreur : %0%</key>
+    <key alias="setHeaderInConfigError">Impossible de modifier le fichier web.config. Erreur : %0%</key>
 
     <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/nl.xml b/src/Umbraco.Web.UI/umbraco/config/lang/nl.xml
index fd49f9764b..d398a839ec 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/nl.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/nl.xml
@@ -1368,7 +1368,7 @@ Om een vertalingstaak te sluiten, ga aub naar het detailoverzicht en klik op de
 
     <key alias="httpsCheckValidCertificate">Het cerficaat van de website is ongeldig.</key>
     <key alias="httpsCheckInvalidCertificate">Cerficaat validatie foutmelding: '%0%'</key>
-    <key alias="httpsCheckInvalidUrl">Fout bij pingen van URL %0% - '%1%'</key>
+    <key alias="healthCheckInvalidUrl">Fout bij pingen van URL %0% - '%1%'</key>
     <key alias="httpsCheckIsCurrentSchemeHttps">De site wordt momenteel %0% bekeken via HTTPS.</key>
     <key alias="httpsCheckConfigurationRectifyNotPossible">De appSetting 'umbracoUseSSL' in web.config staat op 'false'. Indien HTTPS gebruikt wordt moet deze op 'true' staan.</key>
     <key alias="httpsCheckConfigurationCheckResult">De appSetting 'umbracoUseSSL' in web.config is ingesteld op '%0%'. Cookies zijn %1% ingesteld als secure.</key>
@@ -1408,10 +1408,10 @@ Om een vertalingstaak te sluiten, ga aub naar het detailoverzicht en klik op de
 
     <key alias="clickJackingCheckHeaderFound"><![CDATA[De <strong>X-Frame-Options</strong> header of meta-tag om IFRAMEing door andere websites te voorkomen is aanwezig!]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[De <strong>X-Frame-Options</strong> header of meta-tag om IFRAMEing door andere websites te voorkomen is NIET aanwezig.]]></key>
-    <key alias="clickJackingSetHeaderInConfig">Voorkom IFRAMEing via web.config</key>
+    <key alias="setHeaderInConfig">Voorkom IFRAMEing via web.config</key>
     <key alias="clickJackingSetHeaderInConfigDescription">Voegt de instelling toe aan de httpProtocol/customHeaders section in web.config om IFRAMEing door andere websites te voorkomen.</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">De instelling om IFRAMEing door andere websites te voorkomen is toegevoegd aan de web.config!</key>
-    <key alias="clickJackingSetHeaderInConfigError">Web.config kon niet aangepast worden door error: %0%</key>
+    <key alias="setHeaderInConfigError">Web.config kon niet aangepast worden door error: %0%</key>
 
     <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/pl.xml b/src/Umbraco.Web.UI/umbraco/config/lang/pl.xml
index 2d20a933fd..d47b06d10e 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/pl.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/pl.xml
@@ -1618,7 +1618,7 @@ Naciśnij przycisk <strong>instaluj</strong>, aby zainstalować bazę danych Umb
 	  <key alias="httpsCheckInvalidCertificate">Błąd walidacji certyfikatu: '%0%'</key>
     <key alias="httpsCheckExpiredCertificate">Certyfikat SSL Twojej strony wygasł.</key>
     <key alias="httpsCheckExpiringCertificate">Certyfikat SSL Twojej strony wygaśnie za %0% dni.</key>
-	  <key alias="httpsCheckInvalidUrl">Błąd pingowania adresu URL %0% - '%1%'</key>
+	  <key alias="healthCheckInvalidUrl">Błąd pingowania adresu URL %0% - '%1%'</key>
 	  <key alias="httpsCheckIsCurrentSchemeHttps">Oglądasz %0% stronę używając HTTPS.</key>
 	  <key alias="httpsCheckConfigurationRectifyNotPossible">appSetting 'umbracoUseSSL' został ustawiony na 'false' w Twoim pliku web.config. Po uzyskaniu dostępu do strony, używając HTTPS, powinieneś go ustawić na 'true'.</key>
 	  <key alias="httpsCheckConfigurationCheckResult">appSetting 'umbracoUseSSL' został ustawiony na '%0%' w Twoim pliku web.config, Twoje ciasteczka są %1% ustawione jako bezpieczne.</key>
@@ -1658,10 +1658,10 @@ Naciśnij przycisk <strong>instaluj</strong>, aby zainstalować bazę danych Umb
 
     <key alias="clickJackingCheckHeaderFound"><![CDATA[Nagłówek lub meta-tag <strong>X-Frame-Options</strong> używany do kontrolowania czy strona może być IFRAME'owana przez inną został znaleziony.]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[Nagłówek lub meta-tag <strong>X-Frame-Options</strong> używany do kontrolowania czy strona może być IFRAME'owana przez inną nie został znaleziony.]]></key>
-    <key alias="clickJackingSetHeaderInConfig">Ustaw nagłówek w Config</key>
+    <key alias="setHeaderInConfig">Ustaw nagłówek w Config</key>
     <key alias="clickJackingSetHeaderInConfigDescription">Dodaje wartość do sekcji httpProtocol/customHeaders pliku web.config, aby zapobiec IFRAME'owania strony przez inne witryny.</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">Ustawienie do tworzenia nagłówka, zapobiegającego IFRAME'owania strony przez inne witryny zostało dodane do Twojego pliku web.config.</key>
-    <key alias="clickJackingSetHeaderInConfigError">Nie można zaktualizować pliku web.config. Błąd: %0%</key>
+    <key alias="setHeaderInConfigError">Nie można zaktualizować pliku web.config. Błąd: %0%</key>
 
     <!-- Następujące klucze spowodują, że tokeny zostaną przekazane:
 	    0: Lista znalezionych nagłówków, oddzielonych przecinkami
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/ru.xml b/src/Umbraco.Web.UI/umbraco/config/lang/ru.xml
index be7dee3290..009fbdb683 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/ru.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/ru.xml
@@ -756,7 +756,7 @@
 
     <key alias="httpsCheckValidCertificate">Сертификат Вашего веб-сайта отмечен как проверенный.</key>
     <key alias="httpsCheckInvalidCertificate">Ошибка проверки сертификата: '%0%'</key>
-    <key alias="httpsCheckInvalidUrl">Ошибка проверки адреса URL %0% - '%1%'</key>
+    <key alias="healthCheckInvalidUrl">Ошибка проверки адреса URL %0% - '%1%'</key>
     <key alias="httpsCheckIsCurrentSchemeHttps">Сейчас Вы %0% просматриваете сайт, используя протокол HTTPS.</key>
     <key alias="httpsCheckConfigurationRectifyNotPossible">Параметр 'umbracoUseSSL' в секции 'appSetting' установлен в 'false' в файле web.config. Если Вам необходим доступ к сайту по протоколу HTTPS, нужно установить данный параметр в 'true'.</key>
     <key alias="httpsCheckConfigurationCheckResult">Параметр 'umbracoUseSSL' в секции 'appSetting' в файле установлен в '%0%', значения cookies %1% маркированы как безопасные.</key>
@@ -796,10 +796,10 @@
 
     <key alias="clickJackingCheckHeaderFound"><![CDATA[Был обнаружен заголовок или мета-тэг <strong>X-Frame-Options</strong>, использующийся для управления возможностью помещать сайт в IFRAME на другом сайте.]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[Заголовок или мета-тэг <strong>X-Frame-Options</strong>, использующийся для управления возможностью помещать сайт в IFRAME на другом сайте, не обнаружен.]]></key>
-    <key alias="clickJackingSetHeaderInConfig">Установить заголовок в файле конфигурации</key>
+    <key alias="setHeaderInConfig">Установить заголовок в файле конфигурации</key>
     <key alias="clickJackingSetHeaderInConfigDescription">Добавляет значение в секцию 'httpProtocol/customHeaders' файла web.config, препятствующее возможному использованию этого сайта внутри IFRAME на другом сайте.</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">Значение, добавляющее заголовок, препятствующий использованию этого сайта внутри IFRAME другого сайта, успешно добавлено в файл web.config.</key>
-    <key alias="clickJackingSetHeaderInConfigError">Невозможно обновить файл web.config. Ошибка: %0%</key>
+    <key alias="setHeaderInConfigError">Невозможно обновить файл web.config. Ошибка: %0%</key>
 
     <!-- The following key get these tokens passed in:
 	    0: Comma delimitted list of headers found
diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/zh.xml b/src/Umbraco.Web.UI/umbraco/config/lang/zh.xml
index 0c879178b0..da2c1e3159 100644
--- a/src/Umbraco.Web.UI/umbraco/config/lang/zh.xml
+++ b/src/Umbraco.Web.UI/umbraco/config/lang/zh.xml
@@ -1550,7 +1550,7 @@
     <key alias="xmlDataIntegrityCheckContent">Content - Total XML: %0%, Total published: %1%, Total invalid: %2%</key>
     <key alias="httpsCheckValidCertificate">Your site certificate was marked as valid.</key>
     <key alias="httpsCheckInvalidCertificate">Certificate validation error: '%0%'</key>
-    <key alias="httpsCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
+    <key alias="healthCheckInvalidUrl">Error pinging the URL %0% - '%1%'</key>
     <key alias="httpsCheckIsCurrentSchemeHttps">You are currently %0% viewing the site using the HTTPS scheme.</key>
     <key alias="httpsCheckConfigurationRectifyNotPossible">The appSetting 'umbracoUseSSL' is set to 'false' in your web.config file. Once you access this site using the HTTPS scheme, that should be set to 'true'.</key>
     <key alias="httpsCheckConfigurationCheckResult">The appSetting 'umbracoUseSSL' is set to '%0%' in your web.config file, your cookies are %1% marked as secure.</key>
@@ -1584,10 +1584,10 @@
     <key alias="optionalFilePermissionFailed"><![CDATA[The following files must be set up with write permissions for certain Umbraco operations to function but could not be acccessed: <strong>%0%</strong>. If they aren't being written to no action need be taken.]]></key>
     <key alias="clickJackingCheckHeaderFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was found.]]></key>
     <key alias="clickJackingCheckHeaderNotFound"><![CDATA[The header or meta-tag <strong>X-Frame-Options</strong> used to control whether a site can be IFRAMEd by another was not found.]]></key>
-    <key alias="clickJackingSetHeaderInConfig">Set Header in Config</key>
+    <key alias="setHeaderInConfig">Set Header in Config</key>
     <key alias="clickJackingSetHeaderInConfigDescription">Adds a value to the httpProtocol/customHeaders section of web.config to prevent the site being IFRAMEd by other websites.</key>
     <key alias="clickJackingSetHeaderInConfigSuccess">A setting to create a header preventing IFRAMEing of the site by other websites has been added to your web.config file.</key>
-    <key alias="clickJackingSetHeaderInConfigError">Could not update web.config file. Error: %0%</key>
+    <key alias="setHeaderInConfigError">Could not update web.config file. Error: %0%</key>
 
     <!-- The following key get these tokens passed in:
       0: Comma delimitted list of headers found
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
new file mode 100644
index 0000000000..97e93543bf
--- /dev/null
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
@@ -0,0 +1,216 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Text.RegularExpressions;
+using System.Xml.Linq;
+using System.Xml.XPath;
+using Umbraco.Core.IO;
+using Umbraco.Core.Services;
+
+namespace Umbraco.Web.HealthCheck.Checks.Security
+{
+    public abstract class BaseHttpHeaderCheck : HealthCheck
+    {
+        private readonly ILocalizedTextService _textService;
+
+        private const string SetHeaderInConfigAction = "setHeaderInConfig";
+
+        private readonly string _header;
+        private readonly string _value;
+        private readonly string _localizedTextPrefix;
+        private readonly bool _metaTagOptionAvailable;
+
+        public BaseHttpHeaderCheck(HealthCheckContext healthCheckContext, 
+            string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable) : base(healthCheckContext)
+        {
+            _textService = healthCheckContext.ApplicationContext.Services.TextService;
+
+            _header = header;
+            _value = value;
+            _localizedTextPrefix = localizedTextPrefix;
+            _metaTagOptionAvailable = metaTagOptionAvailable;
+        }
+
+        /// <summary>
+        /// Get the status for this health check
+        /// </summary>
+        /// <returns></returns>
+        public override IEnumerable<HealthCheckStatus> GetStatus()
+        {
+            //return the statuses
+            return new[] { CheckForHeader() };
+        }
+
+        /// <summary>
+        /// Executes the action and returns it's status
+        /// </summary>
+        /// <param name="action"></param>
+        /// <returns></returns>
+        public override HealthCheckStatus ExecuteAction(HealthCheckAction action)
+        {
+            switch (action.Alias)
+            {
+                case SetHeaderInConfigAction:
+                    return SetHeaderInConfig();
+                default:
+                    throw new InvalidOperationException("HTTP Header action requested is either not executable or does not exist");
+            }
+        }
+
+        protected HealthCheckStatus CheckForHeader()
+        {
+            var message = string.Empty;
+            var success = false;
+
+            // Access the site home page and check for the click-jack protection header or meta tag
+            var url = HealthCheckContext.SiteUrl;
+            var request = WebRequest.Create(url);
+            request.Method = "GET";
+            try
+            {
+                var response = request.GetResponse();
+
+                // Check first for header
+                success = DoHttpHeadersContainHeader(response);
+
+                // If not found, and available, check for meta-tag
+                if (success == false && _metaTagOptionAvailable)
+                {
+                    success = DoMetaTagsContainKeyForHeader(response);
+                }
+
+                message = success
+                    ? _textService.Localize(string.Format("healthcheck/{0}CheckHeaderFound", _localizedTextPrefix))
+                    : _textService.Localize(string.Format("healthcheck/{0}CheckHeaderNotFound", _localizedTextPrefix));
+            }
+            catch (Exception ex)
+            {
+                message = _textService.Localize("healthcheck/healthCheckInvalidUrl", new[] { url, ex.Message });
+            }
+
+            var actions = new List<HealthCheckAction>();
+            if (success == false)
+            {
+                actions.Add(new HealthCheckAction(SetHeaderInConfigAction, Id)
+                {
+                    Name = _textService.Localize("healthcheck/setHeaderInConfig"),
+                    Description = _textService.Localize(string.Format("healthcheck/{0}SetHeaderInConfigDescription", _localizedTextPrefix))
+                });
+            }
+
+            return
+                new HealthCheckStatus(message)
+                {
+                    ResultType = success ? StatusResultType.Success : StatusResultType.Error,
+                    Actions = actions
+                };
+        }
+
+        private bool DoHttpHeadersContainHeader(WebResponse response)
+        {
+            return response.Headers.AllKeys.Contains(_header);
+        }
+
+        private bool DoMetaTagsContainKeyForHeader(WebResponse response)
+        {
+            using (var stream = response.GetResponseStream())
+            {
+                if (stream == null) return false;
+                using (var reader = new StreamReader(stream))
+                {
+                    var html = reader.ReadToEnd();
+                    var metaTags = ParseMetaTags(html);
+                    return metaTags.ContainsKey(_header);
+                }
+            }
+        }
+
+        private static Dictionary<string, string> ParseMetaTags(string html)
+        {
+            var regex = new Regex("<meta http-equiv=\"(.+?)\" content=\"(.+?)\"", RegexOptions.IgnoreCase);
+
+            return regex.Matches(html)
+                .Cast<Match>()
+                .ToDictionary(m => m.Groups[1].Value, m => m.Groups[2].Value);
+        }
+
+        private HealthCheckStatus SetHeaderInConfig()
+        {
+            var errorMessage = string.Empty;
+            var success = SaveHeaderToConfigFile(out errorMessage);
+
+            if (success)
+            {
+                return
+                    new HealthCheckStatus(_textService.Localize(string.Format("healthcheck/{0}SetHeaderInConfigSuccess", _localizedTextPrefix)))
+                    {
+                        ResultType = StatusResultType.Success
+                    };
+            }
+
+            return
+                new HealthCheckStatus(_textService.Localize("healthcheck/setHeaderInConfigError", new [] { errorMessage }))
+                {
+                    ResultType = StatusResultType.Error
+                };
+        }
+
+        private bool SaveHeaderToConfigFile(out string errorMessage)
+        {
+            try
+            {
+                // There don't look to be any useful classes defined in https://msdn.microsoft.com/en-us/library/system.web.configuration(v=vs.110).aspx
+                // for working with the customHeaders section, so working with the XML directly.
+                var configFile = IOHelper.MapPath("~/Web.config");
+                var doc = XDocument.Load(configFile);
+                var systemWebServerElement = doc.XPathSelectElement("/configuration/system.webServer");
+                var httpProtocolElement = systemWebServerElement.Element("httpProtocol");
+                if (httpProtocolElement == null)
+                {
+                    httpProtocolElement = new XElement("httpProtocol");
+                    systemWebServerElement.Add(httpProtocolElement);
+                }
+
+                var customHeadersElement = httpProtocolElement.Element("customHeaders");
+                if (customHeadersElement == null)
+                {
+                    customHeadersElement = new XElement("customHeaders");
+                    httpProtocolElement.Add(customHeadersElement);
+                }
+
+                var removeHeaderElement = customHeadersElement.Elements("remove")
+                    .SingleOrDefault(x => x.Attribute("name") != null &&
+                                          x.Attribute("name")?.Value == _value);
+                if (removeHeaderElement == null)
+                {
+                    removeHeaderElement = new XElement("remove");
+                    removeHeaderElement.Add(new XAttribute("name", _header));
+                    customHeadersElement.Add(removeHeaderElement);
+                }
+
+                var addHeaderElement = customHeadersElement.Elements("add")
+                    .SingleOrDefault(x => x.Attribute("name") != null &&
+                                          x.Attribute("name").Value == _header);
+                if (addHeaderElement == null)
+                {
+                    addHeaderElement = new XElement("add");
+                    addHeaderElement.Add(new XAttribute("name", _header));
+                    addHeaderElement.Add(new XAttribute("value", _value));
+                    customHeadersElement.Add(addHeaderElement);
+                }
+
+                doc.Save(configFile);
+
+                errorMessage = string.Empty;
+                return true;
+            }
+            catch (Exception ex)
+            {
+                errorMessage = ex.Message;
+                return false;
+            }
+        }
+    }
+}
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
index 03ef48c5b5..16813736e7 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs
@@ -1,214 +1,15 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net;
-using System.Text.RegularExpressions;
-using System.Xml.Linq;
-using System.Xml.XPath;
-using Umbraco.Core.Configuration;
-using Umbraco.Core.IO;
-using Umbraco.Core.Services;
-
-namespace Umbraco.Web.HealthCheck.Checks.Security
+namespace Umbraco.Web.HealthCheck.Checks.Security
 {
     [HealthCheck(
         "ED0D7E40-971E-4BE8-AB6D-8CC5D0A6A5B0",
         "Click-Jacking Protection",
         Description = "Checks if your site is allowed to be IFRAMEd by another site and thus would be susceptible to click-jacking.",
         Group = "Security")]
-    public class ClickJackingCheck : HealthCheck
+    public class ClickJackingCheck : BaseHttpHeaderCheck
     {
-        private readonly ILocalizedTextService _textService;
-
-        private const string SetFrameOptionsHeaderInConfigActiobn = "setFrameOptionsHeaderInConfig";
-
-        private const string XFrameOptionsHeader = "X-Frame-Options";
-        private const string XFrameOptionsValue = "sameorigin"; // Note can't use "deny" as that would prevent Umbraco itself using IFRAMEs
-
-        public ClickJackingCheck(HealthCheckContext healthCheckContext) : base(healthCheckContext)
+        public ClickJackingCheck(HealthCheckContext healthCheckContext)
+            : base(healthCheckContext, "X-Frame-Options", "sameorigin", "clickJacking", true)
         {
-            _textService = healthCheckContext.ApplicationContext.Services.TextService;
-        }
-
-        /// <summary>
-        /// Get the status for this health check
-        /// </summary>
-        /// <returns></returns>
-        public override IEnumerable<HealthCheckStatus> GetStatus()
-        {
-            //return the statuses
-            return new[] { CheckForFrameOptionsHeader() };
-        }
-
-        /// <summary>
-        /// Executes the action and returns it's status
-        /// </summary>
-        /// <param name="action"></param>
-        /// <returns></returns>
-        public override HealthCheckStatus ExecuteAction(HealthCheckAction action)
-        {
-            switch (action.Alias)
-            {
-                case SetFrameOptionsHeaderInConfigActiobn:
-                    return SetFrameOptionsHeaderInConfig();
-                default:
-                    throw new InvalidOperationException("HttpsCheck action requested is either not executable or does not exist");
-            }
-        }
-
-        private HealthCheckStatus CheckForFrameOptionsHeader()
-        {
-            var message = string.Empty;
-            var success = false;
-
-            // Access the site home page and check for the click-jack protection header or meta tag
-            var url = HealthCheckContext.SiteUrl;
-            var request = WebRequest.Create(url);
-            request.Method = "GET";
-            try
-            {
-                var response = request.GetResponse();
-
-                // Check first for header
-                success = DoHeadersContainFrameOptions(response);
-
-                // If not found, check for meta-tag
-                if (success == false)
-                {
-                    success = DoMetaTagsContainFrameOptions(response);
-                }
-
-                message = success
-                    ? _textService.Localize("healthcheck/clickJackingCheckHeaderFound")
-                    : _textService.Localize("healthcheck/clickJackingCheckHeaderNotFound");
-            }
-            catch (Exception ex)
-            {
-                message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { url, ex.Message });
-            }
-
-            var actions = new List<HealthCheckAction>();
-            if (success == false)
-            {
-                actions.Add(new HealthCheckAction(SetFrameOptionsHeaderInConfigActiobn, Id)
-                {
-                    Name = _textService.Localize("healthcheck/clickJackingSetHeaderInConfig"),
-                    Description = _textService.Localize("healthcheck/clickJackingSetHeaderInConfigDescription")
-                });
-            }
-
-            return
-                new HealthCheckStatus(message)
-                {
-                    ResultType = success ? StatusResultType.Success : StatusResultType.Error,
-                    Actions = actions
-                };
-        }
-
-        private static bool DoHeadersContainFrameOptions(WebResponse response)
-        {
-            return response.Headers.AllKeys.Contains(XFrameOptionsHeader);
-        }
-
-        private static bool DoMetaTagsContainFrameOptions(WebResponse response)
-        {
-            using (var stream = response.GetResponseStream())
-            {
-                if (stream == null) return false;
-                using (var reader = new StreamReader(stream))
-                {
-                    var html = reader.ReadToEnd();
-                    var metaTags = ParseMetaTags(html);
-                    return metaTags.ContainsKey(XFrameOptionsHeader);
-                }
-            }
-        }
-
-        private static Dictionary<string, string> ParseMetaTags(string html)
-        {
-            var regex = new Regex("<meta http-equiv=\"(.+?)\" content=\"(.+?)\"", RegexOptions.IgnoreCase);
-
-            return regex.Matches(html)
-                .Cast<Match>()
-                .ToDictionary(m => m.Groups[1].Value, m => m.Groups[2].Value);
-        }
-
-        private HealthCheckStatus SetFrameOptionsHeaderInConfig()
-        {
-            var errorMessage = string.Empty;
-            var success = SaveHeaderToConfigFile(out errorMessage);
-
-            if (success)
-            {
-                return
-                    new HealthCheckStatus(_textService.Localize("healthcheck/clickJackingSetHeaderInConfigSuccess"))
-                    {
-                        ResultType = StatusResultType.Success
-                    };
-            }
-
-            return
-                new HealthCheckStatus(_textService.Localize("healthcheck/clickJackingSetHeaderInConfigError", new [] { errorMessage }))
-                {
-                    ResultType = StatusResultType.Error
-                };
-        }
-
-        private static bool SaveHeaderToConfigFile(out string errorMessage)
-        {
-            try
-            {
-                // There don't look to be any useful classes defined in https://msdn.microsoft.com/en-us/library/system.web.configuration(v=vs.110).aspx
-                // for working with the customHeaders section, so working with the XML directly.
-                var configFile = IOHelper.MapPath("~/Web.config");
-                var doc = XDocument.Load(configFile);
-                var systemWebServerElement = doc.XPathSelectElement("/configuration/system.webServer");
-                var httpProtocolElement = systemWebServerElement.Element("httpProtocol");
-                if (httpProtocolElement == null)
-                {
-                    httpProtocolElement = new XElement("httpProtocol");
-                    systemWebServerElement.Add(httpProtocolElement);
-                }
-
-                var customHeadersElement = httpProtocolElement.Element("customHeaders");
-                if (customHeadersElement == null)
-                {
-                    customHeadersElement = new XElement("customHeaders");
-                    httpProtocolElement.Add(customHeadersElement);
-                }
-
-                var removeHeaderElement = customHeadersElement.Elements("remove")
-                    .SingleOrDefault(x => x.Attribute("name") != null &&
-                                          x.Attribute("name").Value == XFrameOptionsHeader);
-                if (removeHeaderElement == null)
-                {
-                    removeHeaderElement = new XElement("remove");
-                    removeHeaderElement.Add(new XAttribute("name", XFrameOptionsHeader));
-                    customHeadersElement.Add(removeHeaderElement);
-                }
-
-                var addHeaderElement = customHeadersElement.Elements("add")
-                    .SingleOrDefault(x => x.Attribute("name") != null &&
-                                          x.Attribute("name").Value == XFrameOptionsHeader);
-                if (addHeaderElement == null)
-                {
-                    addHeaderElement = new XElement("add");
-                    addHeaderElement.Add(new XAttribute("name", XFrameOptionsHeader));
-                    addHeaderElement.Add(new XAttribute("value", XFrameOptionsValue));
-                    customHeadersElement.Add(addHeaderElement);
-                }
-
-                doc.Save(configFile);
-
-                errorMessage = string.Empty;
-                return true;
-            }
-            catch (Exception ex)
-            {
-                errorMessage = ex.Message;
-                return false;
-            }
         }
     }
 }
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/ExcessiveHeadersCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/ExcessiveHeadersCheck.cs
index a808538a31..b8ffac15d7 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/ExcessiveHeadersCheck.cs
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/ExcessiveHeadersCheck.cs
@@ -2,8 +2,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
-using System.Web;
-using Umbraco.Core.Configuration;
 using Umbraco.Core.Services;
 
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -66,7 +64,7 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
             }
             catch (Exception ex)
             {
-                message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { url, ex.Message });
+                message = _textService.Localize("healthcheck/healthCheckInvalidUrl", new[] { url, ex.Message });
             }
 
             var actions = new List<HealthCheckAction>();
@@ -78,4 +76,4 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
                 };
         }
    }
-}
\ No newline at end of file
+}
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs
index 155730a56e..e109c04bde 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs
@@ -94,7 +94,7 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
                 else
                 {
                     result = StatusResultType.Error;
-                    message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { url, response.StatusDescription });
+                    message = _textService.Localize("healthcheck/healthCheckInvalidUrl", new[] { url, response.StatusDescription });
                 }
             }
             catch (Exception ex)
@@ -104,11 +104,11 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
                 {
                     message = exception.Status == WebExceptionStatus.TrustFailure
                         ? _textService.Localize("healthcheck/httpsCheckInvalidCertificate", new [] { exception.Message })
-                        : _textService.Localize("healthcheck/httpsCheckInvalidUrl", new [] { url, exception.Message });
+                        : _textService.Localize("healthcheck/healthCheckInvalidUrl", new [] { url, exception.Message });
                 }
                 else
                 {
-                    message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { url, ex.Message });
+                    message = _textService.Localize("healthcheck/healthCheckInvalidUrl", new[] { url, ex.Message });
                 }
 
                 result = StatusResultType.Error;
@@ -197,4 +197,4 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
                 };
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs
new file mode 100644
index 0000000000..4982d9f272
--- /dev/null
+++ b/src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs
@@ -0,0 +1,15 @@
+namespace Umbraco.Web.HealthCheck.Checks.Security
+{
+    [HealthCheck(
+        "1CF27DB3-EFC0-41D7-A1BB-EA912064E071",
+        "Content/MIME Sniffing Protection",
+        Description = "Checks that your site contains a header used to protect against MIME sniffing vulnerabilities.",
+        Group = "Security")]
+    public class NoSniffCheck : BaseHttpHeaderCheck
+    {
+        public NoSniffCheck(HealthCheckContext healthCheckContext) 
+            : base(healthCheckContext, "X-Content-Type-Options", "nosniff", "noSniff", false)
+        {
+        }
+    }
+}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 104d4932c2..8a0106e0b1 100644
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -365,6 +365,8 @@
     <Compile Include="HealthCheck\Checks\Config\TraceCheck.cs" />
     <Compile Include="HealthCheck\Checks\Config\ValueComparisonType.cs" />
     <Compile Include="HealthCheck\Checks\Config\CompilationDebugCheck.cs" />
+    <Compile Include="HealthCheck\Checks\Security\BaseHttpHeaderCheck.cs" />
+    <Compile Include="HealthCheck\Checks\Security\NoSniffCheck.cs" />
     <Compile Include="HealthCheck\Checks\Services\SmtpCheck.cs" />
     <Compile Include="HealthCheck\Checks\Permissions\FolderAndFilePermissionsCheck.cs" />
     <Compile Include="HealthCheck\Checks\Security\ExcessiveHeadersCheck.cs" />