MIME-type sniffing on IE can lead to unexpected code execution. It can be disabled using an extra header:
X-Content-Type-Options: nosniff
It should be added to all avatar-serving responses that aren't redirections, but it could also be sent through with other dynamic and static content.
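One way to apply this rule at the application layer, as an added example that is not part of the original report or the project's own code: a WSGI middleware that sets the header on every response except redirections. The `avatar_app` stand-in, its paths, and the choice of status codes treated as redirections are assumptions made for illustration.

```python
# Added example: WSGI middleware that sets nosniff on non-redirect responses.
REDIRECT_CODES = {301, 302, 303, 307, 308}  # assumption: what counts as a redirection
HEADER = "X-Content-Type-Options"


class NoSniffMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def start_with_nosniff(status, headers, exc_info=None):
            code = int(status.split(None, 1)[0])
            if code not in REDIRECT_CODES:
                # Replace any existing value so the header appears exactly once.
                headers = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
                headers.append((HEADER, "nosniff"))
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_nosniff)


def avatar_app(environ, start_response):
    """Constructed stand-in for an avatar service (hypothetical paths)."""
    if environ["PATH_INFO"] == "/avatar/unknown":
        start_response("302 Found", [("Location", "/static/default.png")])
        return [b""]
    start_response("200 OK", [("Content-Type", "image/png")])
    return [b"\x89PNG\r\n\x1a\n"]


def fetch(app, path):
    """Call a WSGI app in-process; return (status, headers dict, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    app = NoSniffMiddleware(avatar_app)
    for path in ("/avatar/abc123", "/avatar/unknown"):
        print(path, fetch(app, path)[:2])
```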