diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index aeffa4239..e531f21a3 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -21,6 +21,7 @@ if ( ! isset( $_REQUEST['action'] ) )
 require_once('includes/admin.php');
 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+send_nosniff_header();
 do_action('admin_init');
diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
index a9d7d8a76..e5f0e3aca 100644
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -649,4 +649,17 @@ function win_is_writable($path) {
 	unlink($path);
 	return true;
 }
+
+/**
+ * Send a HTTP header to disable content type sniffing in browsers which support it.
+ *
+ * @link http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
+ * @link http://src.chromium.org/viewvc/chrome?view=rev&revision=6985
+ *
+ * @since 3.0.0.
+ * @return none
+ */
+function send_nosniff_header() {
+	@header( 'X-Content-Type-Options: nosniff' );
+}
 ?>
diff --git a/wp-admin/index-extra.php b/wp-admin/index-extra.php
index 4de41a331..84ec6f6e9 100644
--- a/wp-admin/index-extra.php
+++ b/wp-admin/index-extra.php
@@ -13,6 +13,7 @@ require_once( 'admin.php' );
 require( 'includes/dashboard.php' );
 @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
+send_nosniff_header();
 switch ( $_GET['jax'] ) {
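Review bot: The new `send_nosniff_header();` call in admin-ajax.php sits directly after a `@header(...)` that declares `text/html` for every AJAX action, and once nosniff is sent the browser treats that declaration as binding, so if any action handler emits XML or JSON without first overriding the Content-Type, the response will now be parsed strictly as HTML rather than sniffed. That interaction is not obvious from the call site and deserves a short comment, e.g. `// nosniff makes the Content-Type above authoritative; handlers that return JSON/XML must set their own Content-Type before output`. Both header calls are also sent unconditionally and the nosniff one is `@`-suppressed in its helper, so if output has already started the protection is dropped without any trace; a `headers_sent()` check at the call site would make that failure visible. The same placement is repeated in the wp-admin/index-extra.php hunk, which appears to run past the end of this chunk, so that hunk is not reviewed separately here.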
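Review bot: The docblock on the new `send_nosniff_header()` in misc.php uses `@return none`, which is not a PHPDoc type, and `@since 3.0.0.` carries a stray trailing period; change the two lines to ` * @since 3.0.0` and ` * @return void`. The `@` on `header()` means that when output has already begun the nosniff header is silently skipped and the caller cannot tell the protection was lost; this matches the file's existing habit of suppressing `header()` warnings, but a `headers_sent()` guard returning early, or at least a comment stating that the header is best-effort, would make the limitation explicit. The docblock should also state that nosniff only protects responses whose Content-Type is itself correct, since the header's whole effect is to make the declared type authoritative. The trailing ` ?>` kept as context is pre-existing, but it is a known source of stray output before headers in included files.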