id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc,parents 461,Add X-Content-Type-Options: nosniff to default nginx config in docs,Christopher Allan Webber,pythonsnake,"We should add ""X-Content-Type-Options: nosniff"" to our HTTP response headers via nginx in our ""default config"". This will help prevent someone uploading a .txt file that the browser interprets as an HTML file, etc (which could be used to initiate an XSS attack or etc). https://bugzilla.mozilla.org/show_bug.cgi?id=471020 We could probably add such support via: http://wiki.nginx.org/HttpHeadersModule",defect,closed,major,,documentation,fixed,"bitesized, review",tycho Will Kahn-Greene Elrond,