id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
10671	Opt-out of content snuffing for admin ajax	niallkennedy		"Browsers such as Internet Explorer include a MIME-sniffing feature that scans the beginning of a downloaded resource to determine the correct MIME render mode regardless of the Content-Type header. [http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx Internet Explorer 8] and [http://src.chromium.org/viewvc/chrome?view=rev&revision=6985 Chromium] allow page authors to opt-out of the sniff, asserting they don't need content to pass through such a feature.

Adding a HTTP Header of ""X-Content-Type-Options: nosniff"" eliminates the sniffing process, speeding up content rendering.

Opting-out of browser MIME sniff is especially beneficial on small Ajax payloads. Starting with admin-ajax.php and index-extra.php from wp-admin for that reason."	enhancement	closed	normal	3.0	Administration	2.8.4	normal	fixed	has-patch commit