Browsers will ignore content-type in many cases (html5 embraced that quirk), but they do have to sniff the bytes to confirm their hunch. You could use `file` to detect images. Or use the content length, maybe by changing hit quotas into bandwidth quotas.