id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
461	Add X-Content-Type-Options: nosniff to default nginx config in docs	Christopher Allan Webber	pythonsnake	"We should add ""X-Content-Type-Options: nosniff"" to our HTTP response headers via nginx in our ""default config"".  This will help prevent someone uploading a .txt file that the browser interprets as an HTML file, etc (which could be used to initiate an XSS attack or etc).

https://bugzilla.mozilla.org/show_bug.cgi?id=471020

We could probably add such support via:

http://wiki.nginx.org/HttpHeadersModule"	defect	closed	major		documentation	fixed	bitesized, review	tycho Will Kahn-Greene Elrond