The first line describes the datatype.
response.setContentType("APPLICATION/OCTET-STREAM");
APPLICATION/OCTET-STREAM
stands for binary data. It may be more precise by specifing the actual filetype. For images it coud be image/png
. If the browser knows the exact filetype it may show the file directly.
response.setHeader("Content-Disposition", "attachment; filename=\"" + filename + "\"");
This says "Don't even try to show the file, just save the file." It also suggests a filename.
update There is a better explaination of mime-types and content-disposition at wikipedia: