Content Sniffing
Content sniffing, or MIME sniffing, is the process by which a web browser inspects the content of a webpage to determine its MIME (Multipurpose Internet Mail Extensions) type, rather than relying solely on the file extension or the Content-Type HTTP header. This capability allows browsers to handle files correctly even when they arrive with incorrect metadata. However, content sniffing can be exploited for malicious purposes, such as executing cross-site scripting (XSS) attacks through seemingly innocuous files, which prompted the development of security measures like the “X-Content-Type-Options” HTTP header to mitigate such risks.
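
One way to check a response for the exposure described above, as an added example that is not part of the original page. The function names, the finding labels and the HTML signature list are assumptions made for illustration, and the signature check is a simplified heuristic rather than any browser's actual sniffing algorithm.

```python
# Added example: audit an HTTP response for content-sniffing exposure.
# The signature list is a simplified heuristic (an assumption), not the
# sniffing algorithm of any particular browser.

HTML_SIGNATURES = (b"<!doctype html", b"<html", b"<head", b"<body",
                   b"<script", b"<iframe", b"<!--")
HTML_TYPES = {"text/html", "application/xhtml+xml"}


def looks_like_html(body: bytes) -> bool:
    """True if the first bytes of the body resemble an HTML document."""
    head = body[:512].lstrip(b" \t\r\n\x0c").lower()
    return head.startswith(HTML_SIGNATURES)


def audit_response(headers: dict, body: bytes) -> list:
    """Return a list of findings; an empty list means no issue found."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    if not nosniff:
        findings.append("missing-nosniff")

    # Drop parameters such as "; charset=utf-8" from the declared type.
    declared = h.get("content-type", "").split(";")[0].strip().lower()
    if not declared:
        findings.append("missing-content-type")

    # A body that reads as HTML under a non-HTML label is what a sniffing
    # browser may reinterpret; nosniff tells it to keep the declared type.
    if declared not in HTML_TYPES and looks_like_html(body):
        findings.append("html-body-mismatch" if nosniff
                        else "html-body-sniffable")
    return findings


# Constructed sample responses (not captured from any real site).
UPLOAD_BODY = b"\n<!DOCTYPE html><html><body>hello</body></html>"
WEAK = {"Content-Type": "text/plain; charset=utf-8"}
HARDENED = {"Content-Type": "text/plain; charset=utf-8",
            "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    print("weak:    ", audit_response(WEAK, UPLOAD_BODY))
    print("hardened:", audit_response(HARDENED, UPLOAD_BODY))
```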