%% You should probably cite draft-ietf-websec-mime-sniff instead of this I-D. @techreport{abarth-mime-sniff-06, number = {draft-abarth-mime-sniff-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-abarth-mime-sniff/06/}, author = {Adam Barth and Ian Hickson}, title = {{Media Type Sniffing}}, pagetotal = 21, year = 2011, month = jan, day = 24, abstract = {Many web servers supply incorrect Content-Type header fields with their HTTP responses. In order to be compatible with these servers, user agents consider the content of HTTP responses as well as the Content-Type header fields when determining the effective media type of the response. This document describes an algorithm for determining the effective media type of HTTP responses that balances security and compatibility considerations. Please send feedback on this draft to apps-discuss@ietf.org.}, }