Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 13299)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -21,6 +21,7 @@
 
 require_once('includes/admin.php');
 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+@header( 'X-Content-Type-Options: nosniff' );
 
 do_action('admin_init');
 
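Review bot: The added `@header( 'X-Content-Type-Options: nosniff' );` suppresses errors, so if output has already started the call fails silently and the response goes out without the header; the same applies to the added line in wp-admin/index-extra.php. Guarding both calls with `if ( ! headers_sent() )`, or dropping the `@` on the new line, would make that failure visible instead of hiding it. Note also that the line above still declares every response as `text/html`, so nosniff only stops the browser from second-guessing that type. Any handler that returns JSON or plain text presumably needs to send its own Content-Type for the new header to help there.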
Index: wp-admin/index-extra.php
===================================================================
--- wp-admin/index-extra.php	(revision 13299)
+++ wp-admin/index-extra.php	(working copy)
@@ -13,6 +13,7 @@
 require( 'includes/dashboard.php' );
 
 @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
+@header( 'X-Content-Type-Options: nosniff' );
 
 switch ( $_GET['jax'] ) {
 
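Review bot: The nosniff header literal is now repeated here and in wp-admin/admin-ajax.php, with no comment in either place saying why it is sent. A one-line comment above the added line, such as `// Stop browsers from MIME-sniffing the response away from the declared Content-Type.`, would record the intent for the next maintainer. If further entry points are expected to need it, a small shared helper that emits the header would keep the value in one place rather than copying the string into each file.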
