Should add "Content-Disposition" to response header?

It's better to add `Content-Disposition: attachment; filename="api.json"` to response header in the case that some browsers had the vulnerability of `nosniff` bypass. But for keeping this guideline simple, maybe this shouldn't be added. How do you think?
