By default, View sends the header x-content-type-options: nosniff in its HTTP responses to help prevent attacks based on MIME-type confusion.

You can disable this feature by adding the following entry to the file locked.properties:

x-content-type-options=OFF