[
https://issues.apache.org/jira/browse/SLING-3815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14085970#comment-14085970
]
Antonio Sanso commented on SLING-3815:
--------------------------------------
bq. Still, it's not hard to allow for configuring multiple such static headers
there, so I'd make that configuration generic instead of just nosniff, with
nosniff included in the defaults.
+1
> Add support for X-Content-Type-Options: nosniff
> ------------------------------------------------
>
> Key: SLING-3815
> URL: https://issues.apache.org/jira/browse/SLING-3815
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Antonio Sanso
> Priority: Minor
>
> It would be nice if Sling will have customizable support for
> X-Content-Type-Options: nosniff .
> This is really useful to defend against some common attack e.g. XSS, Rosetta
> Flash etc.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
