- From: Adam Barth <whatwg@adambarth.com>
- Date: Mon, 25 Jan 2010 19:57:46 +0000

On Mon, Jan 25, 2010 at 7:51 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
> 1) Some other security mechanisms (CORS, anti-clickjacking controls,
> XSS filter controls) rely on separate HTTP headers instead. Is there a
> compelling reason not to follow that lead - or better yet, to unify
> all security headers to conserve space?

The reason to use a MIME type here is to trick legacy browsers into not rendering the response as HTML.

Adam

Received on Monday, 25 January 2010 11:57:46 UTC