Hacker News
by jusob 2770 days ago
On your server, send "X-Content-Type: nosniff" and make sure the right Content-Type is returned by the server. This will prevent browsers from loading an image file (Content-Type: image/png) as anything other than an image.
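A server-side sketch of the advice in the comment above, added here as an illustration and not part of the original comment: it derives the Content-Type from the file's leading bytes instead of trusting the upload's name, and sends the standard `X-Content-Type-Options: nosniff` response header on every reply. The names `IMAGE_SIGNATURES`, `headers_for_upload` and `make_app`, and the sample byte strings, are assumptions made for this example.

```python
# Added example; all names and sample data here are hypothetical/constructed.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
NOSNIFF = ("X-Content-Type-Options", "nosniff")

def detect_image_type(data: bytes):
    """Return the MIME type matching the leading magic bytes, or None."""
    for magic, mime in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None

def headers_for_upload(data: bytes):
    """Build response headers for a stored upload, whatever its file name says."""
    mime = detect_image_type(data)
    headers = [NOSNIFF]
    if mime is None:
        # Not a recognised image: never label it as one, and force a download
        # so the browser does not render it in the site's origin.
        headers.append(("Content-Type", "application/octet-stream"))
        headers.append(("Content-Disposition", "attachment"))
    else:
        headers.append(("Content-Type", mime))
    headers.append(("Content-Length", str(len(data))))
    return headers

def make_app(store):
    """WSGI app serving blobs from `store`, a dict mapping URL path to bytes."""
    def app(environ, start_response):
        data = store.get(environ.get("PATH_INFO", ""))
        if data is None:
            start_response("404 Not Found", [NOSNIFF, ("Content-Type", "text/plain")])
            return [b"not found"]
        start_response("200 OK", headers_for_upload(data))
        return [data]
    return app

# Constructed sample inputs (not real uploads).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_NOT_IMAGE = b"<html><body>not an image</body></html>"
```

A file that starts with valid PNG magic bytes but carries other content after them is still labelled `image/png` by this check; it is the `nosniff` header that stops the browser from reinterpreting it as another type.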