diff --git a/common/routes_common.go b/common/routes_common.go
index 3a48734c..1702a19f 100644
--- a/common/routes_common.go
+++ b/common/routes_common.go
@@ -293,6 +293,7 @@ func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
 	h.Set("X-Frame-Options", "deny")
 	h.Set("X-XSS-Protection", "1; mode=block") // TODO: Remove when we add a CSP? CSP's are horrendously glitchy things, tread with caution before removing
 	// TODO: Set the content policy header
+	h.Set("X-Content-Type-Options", "nosniff")
 
 	return *usercpy, true
 }
diff --git a/themes/nox/public/panel.css b/themes/nox/public/panel.css
index d76ae280..b8d10c4e 100644
--- a/themes/nox/public/panel.css
+++ b/themes/nox/public/panel.css
@@ -83,7 +83,7 @@
 	padding: 12px;
 }
 
-.to_right, .panel_buttons {
+.to_right, .panel_buttons, .panel_floater {
 	margin-left: auto;
 }