[whatwg] First or last Content-Type header?

Adam Barth whatwg at adambarth.com
Wed Jun 3 01:04:10 PDT 2009


On Wed, Jun 3, 2009 at 12:36 AM, Philip Taylor <excors+whatwg at gmail.com> wrote:
> http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
> - it's "X-Content-Type-Options: nosniff" now (and is used a bit in
> practice - it's on about 0.1% of pages from
> http://www.dotnetdotcom.org/, though about half of them are owned by
> Google or Microsoft).

The ironic twist to this story is that HTTP responses that include the
nosniff directive are 50% more likely to have a missing or incorrect
Content-Type header.

Adam



More information about the whatwg mailing list