diff --git a/submissions/description/external_behavior/csv_injection/recommendations.md b/submissions/description/external_behavior/csv_injection/recommendations.md index 406e7159..9b0277a2 100644 --- a/submissions/description/external_behavior/csv_injection/recommendations.md +++ b/submissions/description/external_behavior/csv_injection/recommendations.md @@ -1,6 +1,7 @@ # Recommendation(s) -It is recommended to sanitize the input fields of CSVs so that the content is read as text only by the spreadsheet editor +It is recommended to validate and sanitize the input fields of CSVs so that the content is read as text only by the spreadsheet editor. The appropriate content type should also be set in the response header when serving CSV files. For example, `Content-Type: text/csv`. +Additionally, dynamic formula injection can be prevented by not allowing user-supplied input to be directly interpreted as a calculation or formula. This can be achieved by removing the functionality, or implementing a separate mechanism that handles the user input securely. For more information, please see:
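Review bot: The new first line of the hunk says to "validate and sanitize" CSV fields but never says what to sanitize for, so the recommendation is not actionable as written; it should name the characters that spreadsheet applications treat as a formula trigger at the start of a cell (`=`, `+`, `-`, `@`, and leading tab or carriage-return characters) and the usual defence of prefixing such cells with a single quote and escaping any embedded double quotes, since `Content-Type: text/csv` alone only affects how a browser handles the download, not how a spreadsheet interprets the cell. Minor style points in the same hunk: "For example, `Content-Type: text/csv`." is a sentence fragment and reads better folded into the preceding sentence ("…for example `Content-Type: text/csv`."), and "a separate mechanism that handles the user input securely" in the second added line restates the goal rather than the control; saying that formulas should be evaluated only from a server-defined allow-list and never built from raw user input would make that guidance concrete.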