I'd like to point out that the topic of consistent content inspection was discussed in the websec working group via: http://tools.ietf.org/html/draft-ietf-websec-mime-sniff-03 which was abandoned in the IETF and taken up by WHATWG in http://mimesniff.spec.whatwg.org/. The "bugs" filed in IETF tracker: http://trac.tools.ietf.org/wg/websec/trac/query?component=mime-sniff and discussed at IETF 82 Taipei http://tools.ietf.org/agenda/82/slides/websec-2.pdf were subsequently reproduced in the WHATWG tracker https://www.w3.org/Bugs/Public/show_bug.cgi?id=19746 Ideally, the "magic number" entry in the Media Type registry would be retargeted to give instructions and prioritization for content recognition, especially in cases (such as ftp: and file: access) where there is no channel for content-type transmission. Fixing content-type sniffing goes beyond http and should be addressed directly. Larry -- http://larry.masinter.net