diff --git a/app.py b/app.py
index 2d77cdb..3e1391d 100755
--- a/app.py
+++ b/app.py
@@ -468,15 +468,27 @@ def serve_file(subpath):
 # Figure out download flag and filename
 as_attachment = request.args.get('download') == 'true'
 filename = os.path.basename(full_path)
+
+ if as_attachment:
+ download_name = filename
+ mimetype = 'application/octet-stream'
+ else:
+ download_name = None
+ mimetype = mime
+
 # Single send_file call with proper attachment handling
 response = send_file(
 file_path,
- mimetype=mime,
+ mimetype=mimetype,
 conditional=True,
 as_attachment=as_attachment ,
- download_name=filename if as_attachment else None
+ download_name=download_name
 )
+
+ if as_attachment:
+ response.headers['X-Content-Type-Options'] = 'nosniff'
+
 if not as_attachment :
 response.headers['Content-Disposition'] = 'inline'
 response.headers['Cache-Control'] = 'public, max-age=86400'
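Review bot: The `X-Content-Type-Options: nosniff` header is added only under `if as_attachment:`, but the response a browser actually renders is the inline one, which is sent with `mimetype=mime` and `Content-Disposition: inline` and, in the visible lines, gets no nosniff. Setting it unconditionally with `response.headers['X-Content-Type-Options'] = 'nosniff'` right after the `send_file(...)` call covers both paths and removes the second `if as_attachment:` check. If `mime` can resolve to an active type such as `text/html` or `image/svg+xml` for files that users can place under the served directory, the inline branch would still render them in the application's origin; forcing those types to download or adding `Content-Security-Policy: sandbox` on that branch would close that, but `serve_file` starts and continues outside the hunk, so how `mime` is derived is not visible here.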