MIME and Media Type sniffing explained and the type of attacks it leads to

Any content served through HTTP “should” include meta data about its type. This is so the browser/client knows what to do with the content it receives. For example, if the content type header is an image the browser will preview it, if it is HTML it will render the markup and execute any javascript code. Content type however is optional and web masters sometimes don’t set it, which leave the browsers wondering about the content type it is consuming. So browsers had to implement parsing and “sniffing” techniques to detect the type of content when a content type header was not served. However, this caused security problems and attacks that we explain in this video! So to prevent sniffing, web servers can return X-Content-Type-Options: nosniff which opts out browsers from sniffing the content. Media type: https://en.wikipedia.org/wiki/Media_type#Common_examples Cheers! Hussein Nasser