[ https://issues.apache.org/jira/browse/SLING-3815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14085970#comment-14085970 ]
Antonio Sanso commented on SLING-3815:
--------------------------------------

bq. Still, it's not hard to allow for configuring multiple such static headers there, so I'd make that configuration generic instead of just nosniff, with nosniff included in the defaults.

+1

> Add support for X-Content-Type-Options: nosniff
> ------------------------------------------------
>
>                 Key: SLING-3815
>                 URL: https://issues.apache.org/jira/browse/SLING-3815
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>            Reporter: Antonio Sanso
>            Priority: Minor
>
> It would be nice if Sling had customizable support for
> X-Content-Type-Options: nosniff.
> This is really useful to defend against some common attacks, e.g. XSS, Rosetta
> Flash, etc.