R043. Define explicit content type
All system files generated dynamically must have a Content-Type explicitly defined.
OWASP-ASVS v3.1-5.21 Verify that unstructured data is sanitized to enforce generic safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. natural names with Unicode or apostrophes, such as ねこ or O’Hara).