IE 8 adds the ability to opt-out of content type sniffing, a traditional security vulnerability^H^H^Hfeature in that browser.
As of beta 2 this can be done by sending:
This might be wise to send with all MediaWiki output as another layer against type-aliasing sorts of attacks (eg serving raw page text that gets sniffed as HTML).
Unfortunately we can't have MediaWiki add this to uploaded files served from the regular web server; that would be a nice trick. :) But we could put it on there for img_auth.php, thumb.php, etc.
The header should be ignored by other (better-behaving) browsers.