intertwingly

Eric Lawrence: Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

I can’t can now reproduce this, either with the feeds I care about or and with the testcase provided.

UserAgent sent:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Headers produced:

HTTP/1.1 200 OK
Date: Wed, 03 Sep 2008 12:04:44 GMT
Server: Apache
Last-Modified: Fri, 13 Apr 2007 13:10:42 GMT
ETag: "420214-2d2-3b057880"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
Content-Type: text/plain; charset=utf-8
Connection: close

Meanwhile, Safari 3.1.2 (on Mac OSX), Opera 9.52, and Google Chrome gets it right in both cases.  Without needing a X-Content-Type-Options header.

Firefox 3.0.1, Safari 3.1.2 (on Windows), and Opera 9.52 continue to disappoint.

Update: Reinstalled IE8Beta2, and the tests now pass.  Retested Opera 9.52 on both Ubuntu 8.04 and Windows XP, and it too passes (Operator error? Caching problem? Who knows!).