Comment 3 for bug 1470281

Aaron Wells (u-aaronw) wrote :

Actually I think this blog entry provides the best example: http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx

"For example, consider the following HTTP-response:

    HTTP/1.1 200 OK
    Content-Length: 108
    Date: Thu, 26 Jun 2008 22:06:28 GMT
    Content-Type: text/plain;
    X-Content-Type-Options: nosniff

    <html>
    <body bgcolor="#AA0000">
    This page renders as HTML source code (text) in IE8.
    </body>
    </html>

In IE7, the text is interpreted as HTML:

[Screenshot: IE7 text interpreted as HTML]

In IE8, the page is rendered in plaintext:

[Screenshot: IE8 text rendered as plain text]

Sites hosting untrusted content can use the nosniff directive to ensure that text/plain files are not sniffed to anything else."
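
Added example (not part of the comment above or of the quoted blog post): a small audit that parses a raw HTTP response and reports when `X-Content-Type-Options: nosniff` is absent and a `text/plain` body contains HTML-like markup. The function names, the finding labels, the tag list in `HTML_HINT` and the sample response are assumptions constructed for illustration.

```python
import re

# Tags a content sniffer may treat as HTML (illustrative subset, an assumption).
HTML_HINT = re.compile(rb"<\s*(!doctype|html|head|body|script|iframe|img|svg)\b", re.I)

def parse_response(raw):
    """Split a raw HTTP/1.x response into (headers, body); header names lowercased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def has_nosniff(headers):
    """True when the first comma-separated X-Content-Type-Options value is nosniff."""
    combined = ",".join(headers.get("x-content-type-options", []))
    return combined.split(",")[0].strip().lower() == "nosniff"

def audit(raw):
    """Return a list of findings for one response; an empty list means no finding."""
    headers, body = parse_response(raw)
    media_type = ",".join(headers.get("content-type", [])).split(";")[0].strip().lower()
    findings = []
    if not has_nosniff(headers):
        findings.append("missing-nosniff")
        # A missing or text/plain type with markup in the body is what sniffing upgrades.
        if media_type in ("", "text/plain") and HTML_HINT.search(body):
            findings.append("html-like-body-may-be-sniffed")
    return findings

def build(with_nosniff):
    """Constructed sample modelled on the response quoted above."""
    lines = [b"HTTP/1.1 200 OK", b"Content-Type: text/plain;"]
    if with_nosniff:
        lines.append(b"X-Content-Type-Options: nosniff")
    body = b'<html>\r\n<body bgcolor="#AA0000">\r\nuntrusted upload\r\n</body>\r\n</html>'
    return b"\r\n".join(lines) + b"\r\n\r\n" + body

if __name__ == "__main__":
    for flag in (True, False):
        print("nosniff sent:", flag, "->", audit(build(flag)))
```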