IE 8 adds the ability to opt-out of content type sniffing, a traditional security vulnerability^H^H^Hfeature in that browser.
As of beta 2 this can be done by sending:
X-Content-Type-Options: nosniff
This might be wise to send with all MediaWiki output as another layer against type-aliasing sorts of attacks (eg serving raw page text that gets sniffed as HTML).
Unfortunately we can't have MediaWiki add this to uploaded files served from the regular web server; that would be a nice trick. :) But we could put it on there for img_auth.php, thumb.php, etc.
The header should be ignored by other (better-behaving) browsers.
Version: unspecified
Severity: enhancement
URL: http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx