Merge pull request #6184 from vespa-engine/tokle-patch-1

Add X-Content-Type-Options header
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2018-06-13 10:34:58 +0200
committer: GitHub <noreply@github.com> 2018-06-13 10:34:58 +0200
commit: ff9cbc3a7f2ec91fbff87d933602676e4a1d3897 (patch)
tree: 5920f0b2a41b297d6f62f861857dbfd1435c5f61
parent: 959bced35e65fbdbb2ec9bf3b7af2550600613de (diff)
parent: a8d7904fdeed186ae1d2e992aac866270931bbcb (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index f50e7454f19..09d02d66b1f 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -17,5 +17,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
         response.setHeader("Cache-control", "no-store");
         response.setHeader("Pragma", "no-cache");
         response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+        response.setHeader("X-Content-Type-Options", "nosniff");
     }
 }
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2018-06-13 10:34:58 +0200
committer	GitHub <noreply@github.com>	2018-06-13 10:34:58 +0200
commit	ff9cbc3a7f2ec91fbff87d933602676e4a1d3897 (patch)
tree	5920f0b2a41b297d6f62f861857dbfd1435c5f61
parent	959bced35e65fbdbb2ec9bf3b7af2550600613de (diff)
parent	a8d7904fdeed186ae1d2e992aac866270931bbcb (diff)