By specifying the correct header declaration, various cross-site scripting attacks can be prevented. If the character encoding is not specified, some web browser will try to interpret the source code, thus making certain attacks possible which require a different character set.