diff --git a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
index 2aceeba6b..f09f9ebd6 100644
--- a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
@@ -92,8 +92,8 @@ public final class DecodeServlet extends HttpServlet {
 // No real reason to let people upload more than ~64MB
 private static final long MAX_IMAGE_SIZE = 1L << 26;
- // No real reason to deal with more than ~64 megapixels
- private static final int MAX_PIXELS = 1 << 26;
+ // No real reason to deal with more than ~32 megapixels
+ private static final int MAX_PIXELS = 1 << 25;
 private static final byte[] REMAINDER_BUFFER = new byte[1 << 16];
 private static final Map HINTS;
 private static final Map HINTS_PURE;
@@ -237,6 +237,13 @@ public final class DecodeServlet extends HttpServlet {
 errorResponse(request, response, "badimage");
 return;
 }
+ // Assume we'll only handle image/* content types
+ String contentType = connection.getContentType();
+ if (contentType != null && !contentType.startsWith("image/")) {
+ log.info("Wrong content type: " + contentType);
+ errorResponse(request, response, "badimage");
+ return;
+ }
 log.info("Decoding " + imageURL);
 processStream(is, request, response);
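Review bot: The new Content-Type check in the second hunk is a cheap early filter rather than a trust boundary, and its comment should say so: the value is supplied by the remote server behind the user-given URL, and a response with no header (`contentType == null`) still reaches `processStream`. I would reword the comment to something like `// Early reject only: header is set by the remote host and may be absent or wrong; size and pixel limits still apply`, assuming `MAX_IMAGE_SIZE` and `MAX_PIXELS` are enforced further down, which this hunk does not show. The match is also case-sensitive although media types are not, so `Image/PNG` is rejected; `!contentType.regionMatches(true, 0, "image/", 0, 6)` avoids that. The same remote-controlled string is concatenated into `log.info`, so consider bounding its length before logging. The enclosing method starts and ends outside the hunk, so whether `is` and `connection` are released on this early return cannot be confirmed from here.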