[ https://issues.apache.org/jira/browse/SLING-3815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14085965#comment-14085965 ]
Bertrand Delacretaz commented on SLING-3815:
--------------------------------------------

Ok with having that in the sling main servlet if we want it turned on most of the time.

Still, it's not hard to allow for configuring multiple such static headers there, so I'd make that configuration generic instead of just nosniff, with nosniff included in the defaults.

> Add support for X-Content-Type-Options: nosniff
> ------------------------------------------------
>
> Key: SLING-3815
> URL: https://issues.apache.org/jira/browse/SLING-3815
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Antonio Sanso
> Priority: Minor
>
> It would be nice if Sling would have customizable support for
> X-Content-Type-Options: nosniff.
> This is really useful to defend against some common attacks, e.g. XSS, Rosetta
> Flash etc.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
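Added example, not part of the JIRA thread and not Sling code: one way the generic static-header configuration proposed in the comment could look, with nosniff as a default that configuration can override. The class name `StaticResponseHeaders` and the `"Name: value"` entry format are assumptions; entries containing control characters are rejected so a configured value cannot split the response.

```java
import java.util.Map;
import java.util.TreeMap;
import java.util.function.BiConsumer;

/** Hypothetical helper (not Sling's API): static response headers from configuration. */
public class StaticResponseHeaders {

    // Assumed default, following the comment: nosniff is on unless overridden.
    static final String[] DEFAULTS = { "X-Content-Type-Options: nosniff" };

    // Header names are case-insensitive, so de-duplicate on that basis.
    private final Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    /** Each configured entry has the assumed form "Name: value". */
    public StaticResponseHeaders(String... configured) {
        for (String entry : DEFAULTS) add(entry);
        for (String entry : configured) add(entry); // replaces a default of the same name
    }

    private void add(String entry) {
        int colon = entry.indexOf(':');
        if (colon <= 0) {
            throw new IllegalArgumentException("Expected 'Name: value': " + entry);
        }
        String name = entry.substring(0, colon).trim();
        String value = entry.substring(colon + 1).trim();
        // Reject CR/LF and other control characters in the value, and anything
        // but letters, digits and '-' in the name.
        boolean badValue = value.isEmpty() || value.chars().anyMatch(c -> c < 0x20 || c == 0x7f);
        if (!name.matches("[A-Za-z0-9-]+") || badValue) {
            throw new IllegalArgumentException("Invalid header entry: " + entry);
        }
        headers.put(name, value);
    }

    /** In a servlet or filter, pass response::setHeader as the sink. */
    public void applyTo(BiConsumer<String, String> setHeader) {
        headers.forEach(setHeader);
    }

    public static void main(String[] args) {
        // Constructed sample configuration: one extra header plus the default.
        new StaticResponseHeaders("X-Frame-Options: SAMEORIGIN")
            .applyTo((n, v) -> System.out.println(n + ": " + v));
    }
}
```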