Actually I think this blog entry provides the best example: http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
"For example, consider the following HTTP-response:
HTTP/1.1 200 OK Content-Length: 108 Date: Thu, 26 Jun 2008 22:06:28 GMT Content-Type: text/plain; X-Content-Type-Options: nosniff
<html> <body bgcolor="#AA0000"> This page renders as HTML source code (text) in IE8. </body> </html>
In IE7, the text is interpreted as HTML:
IE7 text interpreted as HTML
In IE8, the page is rendered in plaintext:
IE8 text rendered as plain text
Sites hosting untrusted content can use the nosniff directive to ensure that text/plain files are not sniffed to anything else."
Actually I think this blog entry provides the best example: http:// blogs.msdn. com/b/ie/ archive/ 2008/07/ 02/ie8- security- part-v- comprehensive- protection. aspx
"For example, consider the following HTTP-response:
HTTP/1.1 200 OK Type-Options: nosniff
Content-Length: 108
Date: Thu, 26 Jun 2008 22:06:28 GMT
Content-Type: text/plain;
X-Content-
<html>
<body bgcolor="#AA0000">
This page renders as HTML source code (text) in IE8.
</body>
</html>
In IE7, the text is interpreted as HTML:
IE7 text interpreted as HTML
In IE8, the page is rendered in plaintext:
IE8 text rendered as plain text
Sites hosting untrusted content can use the nosniff directive to ensure that text/plain files are not sniffed to anything else."