diff --git a/core/mondoo-http-security.mql.yaml b/core/mondoo-http-security.mql.yaml
new file mode 100644
index 00000000..331febaf
--- /dev/null
+++ b/core/mondoo-http-security.mql.yaml
@@ -0,0 +1,57 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+policies:
+  - uid: mondoo-http-security
+    name: HTTP Security
+    version: 1.0.0
+    license: BUSL-1.1
+    tags:
+      mondoo.com/category: security
+      mondoo.com/platform: network
+    authors:
+      - name: Mondoo, Inc
+        email: hello@mondoo.com
+    docs:
+      desc: |
+        ## Overview
+
+        The HTTP Security by Mondoo policy includes checks for ensuring the security of HTTP headers.
+
+        ## Remote scan
+
+        Remote scans use cnspec providers to retrieve on-demand scan results without having to install any agents.
+
+        For a complete list of providers run:
+
+        ```bash
+        cnspec scan --help
+        ```
+
+        ### Scan a host
+
+        ```bash
+        cnspec scan host <fqdn>
+        ```
+
+        ## Join the community!
+
+        Our goal is to build policies that are simple to deploy, accurate, and actionable.
+
+        If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
+    groups:
+      - title: Secure HTTP headers
+        filters: asset.platform == "host"
+        checks:
+          - uid: mondoo-http-security-x-content-type-options-nosniff
+    scoring_system: 2
+queries:
+  - uid: mondoo-http-security-x-content-type-options-nosniff
+    title: Set X-Content-Type-Options HTTP header to 'nosniff'
+    mql: http.get.header.xContentTypeOptions == "nosniff"
+    docs:
+      desc: |
+        Avoid MIME Type sniffing by setting the 'X-Content-Type-Options' HTTP header to 'nosniff'
+    refs:
+      - url: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+        title: MDN Web Docs X-Content-Type-Options