Problem

We had a strange issue loading images between two severs -- one development and the other production. Internet Explorer would not load a handful of images on our production server, but loaded them fine from our development server. The images were all .jpg images.

I created a script that analyzed all the .jpg images and discoverd that the mime-type of the "broken" images were set to 'GIF'. I could easily solve this by re-saving the images with the correct mime type, however, the real issue was the discreptencies between the two servers.

Answer lies in the Response Header

The script and styleSheet elements will reject responses with incorrect MIME types if the server sends the response header "X-Content-Type-Options: nosniff". This is a security feature that helps prevent attacks based on MIME-type confusion. This change impacts the browser's behavior when the server sends the "X-Content-Type-Options: nosniff" header on its responses. 1

It turns out that the issue was in the server response header. When examining the Http Response Header configurations in IIS, I discovered the X-Content-Type-Options: nosniff. After a little research, I was able to determine that this must be where differences lay. Sure enough, after removing that option from the response header, things worked fine.

IIS Response Header Options

I was sure to replace the option, to prevent security leaks.

Real Solution

The correct solution is to fix the handful of conflicting mime-typed images with the correct mime-type.

Resources