Index: admin-ajax.php
===================================================================
--- admin-ajax.php	(revision 11867)
+++ admin-ajax.php	(working copy)
@@ -17,6 +17,7 @@
 require_once('../wp-load.php');
 require_once('includes/admin.php');
 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+@header('X-Content-Type-Options: nosniff'); // assert MIME type, disabling content sniffing in supporting browsers
 
 do_action('admin_init');
 
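Review bot: The added `X-Content-Type-Options: nosniff` on the line after the `Content-Type` header only pins the browser to the declared type, and that type is `text/html` for every admin-ajax response, so a response carrying JSON or other non-HTML data is still interpreted as HTML if it is loaded directly. The new header gives the most protection when handlers that return non-HTML declare their own type, e.g. `@header('Content-Type: application/json; charset=' . get_option('blog_charset'));`. Whether any handler already does so cannot be seen from this hunk. Separately, the `@` prefix hides a failed `header()` call when output has already started, so the response would go out without nosniff and without any warning; a `headers_sent()` check before the two calls would make that case visible.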
