```release-note:security
Explicitly set 'Content-Type' header to mitigate XSS vulnerability.
```