@malwaretech I don't understand why they faked a JPG. Why not have a real JPG and embed the payload in the EXIF?
@Edent @malwaretech I guess they just didn't need to. It caches the whole file this way. Why bother going through the hassle of creating a header?
On the other hand... It would be so much more insidious as an image with embedded EXIF, since they wouldn't need the hidden JavaScript download; they could just include the image on the page and the code would lurk in the cache automatically.
@ivor @Edent @malwaretech I honestly assumed that was the chosen method prior to reading the details.