Stored XSS | api.mapbox.com | IE 11 | Styles name
Medium
Mapbox
Team Summary
Official summary from Mapbox
On December 24, 2019, user @renekroka reported a stored XSS injection vulnerability on api.mapbox.com that affected users in Internet Explorer 11. An attacker could store XSS injections on Mapbox servers, and then exploit them in IE11 due to JSON responses not including the `X-Content-Type-Options: nosniff` header. Using the information provided by the researcher, we deployed a patch to Mapbox servers on January 8, 2020. This patch added the `X-Content-Type-Options: nosniff` and `X-Frame-Options: deny` headers to Styles API JSON responses.
Reported by
renekroka
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored
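
The header fix described in the team summary can be checked mechanically on any JSON API. The following is an added example, not code from Mapbox or from the report: the function names and sample responses are constructed, and the expected values are the two headers the summary says the patch added.

```javascript
// Added example: audit and harden headers on JSON API responses.
// Expected values mirror the patch described in the summary.
const REQUIRED = {
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'deny',
};

// Lowercase header names (HTTP header names are case-insensitive) and trim values.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// True for application/json and +json media types, ignoring parameters such as charset.
function isJson(contentType) {
  const mediaType = (contentType || '').split(';')[0].trim().toLowerCase();
  return mediaType === 'application/json' || mediaType.endsWith('+json');
}

// Return a list of findings for one response; an empty list means it passes.
function auditJsonResponse(headers) {
  const h = normalize(headers);
  if (!isJson(h['content-type'])) return [];
  const findings = [];
  for (const [name, expected] of Object.entries(REQUIRED)) {
    const actual = h[name];
    if (actual === undefined) findings.push(`missing ${name}`);
    else if (actual.toLowerCase() !== expected) findings.push(`${name} is "${actual}", expected "${expected}"`);
  }
  return findings;
}

// Return a copy of the headers with both protections set on JSON responses only.
function hardenJsonResponse(headers) {
  const h = normalize(headers);
  return isJson(h['content-type']) ? { ...h, ...REQUIRED } : h;
}

// Constructed sample responses (not captured from api.mapbox.com).
const samples = [
  { 'Content-Type': 'application/json; charset=utf-8' },
  { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Type': 'image/png' },
];
for (const s of samples) console.log(auditJsonResponse(s), '->', auditJsonResponse(hardenJsonResponse(s)));
```

Running the audit over responses collected in an integration test catches a JSON endpoint that ships without either header before it reaches production.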