Ian Melven | 13 Aug 2012 21:37

X-Content-Type-Options: nosniff


Hi,

Tom Schuster (evilpie) has been working on a patch to add X-Content-Type-Options: nosniff
support to Gecko (thanks Tom!)

He has some questions in the bug (https://bugzilla.mozilla.org/show_bug.cgi?id=471020#c19):

"I think we need to define some kind of rules (a specification if you will) for when we actually want to block
sniffing. In the next patch I am going to apply, only sniffing for documents is disabled, and at least
Chromium seems to follow the same rules.

Let me enumerate some examples:
- something that looks like html
  - no Content-Type
  => displayed as text/plain
- an image
  - no Content-Type
  => displayed as text/plain
- an image
  - non matching Content-Type (eg. image/png for a jpeg image)
  => displayed as image

We also disable sniffing based on the extension (.html etc.)

But on the other hand this also has no effect on for example
- images included via the image tag
- style sheets (we already block style sheets with the wrong content-type in standard mode)

From what I can tell my patch exhibits the same behavior as Chromium."
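The rules enumerated in the quoted comment amount to a small decision table: on a document load carrying nosniff, a missing Content-Type is rendered as text/plain and a declared type is honoured as-is, while subresources such as <img> are unaffected. The following Python model is an added illustration of that table, not Gecko's or Chromium's code; the content signatures, the `header`/`sniffed_type` helpers and the sniffing fallback for the non-nosniff path (a missing header is filled by sniffing, a declared header is kept) are simplifying assumptions. The `has_nosniff` check is the part a defender can reuse to verify that a server actually emits the header in the form browsers honour.

```python
import re
from typing import Mapping, Optional

# Constructed, deliberately small signature table; real browser sniffing
# tables are much larger. (assumption: not Gecko's table)
IMAGE_SIGNATURES = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)
HTML_MARKER = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe)\b", re.IGNORECASE
)


def header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def has_nosniff(headers: Mapping[str, str]) -> bool:
    """True when X-Content-Type-Options is present with the single value 'nosniff'."""
    value = header(headers, "X-Content-Type-Options")
    return value is not None and value.strip().lower() == "nosniff"


def sniffed_type(body: bytes) -> str:
    """Guess a type from the leading bytes (simplified stand-in for browser sniffing)."""
    for signature, mime in IMAGE_SIGNATURES:
        if body.startswith(signature):
            return mime
    if HTML_MARKER.search(body[:512]):
        return "text/html"
    return "text/plain"


def effective_type(headers: Mapping[str, str], body: bytes, *, is_document: bool) -> str:
    """Type the response is treated as, following the rules in the bug comment."""
    declared = header(headers, "Content-Type")
    declared = declared.split(";")[0].strip().lower() if declared else None
    if has_nosniff(headers) and is_document:
        # nosniff on a document load: no Content-Type -> text/plain; a declared
        # type is honoured even when it does not match the bytes.
        return declared or "text/plain"
    # Subresources (the comment says nosniff has no effect on <img>) and the
    # non-nosniff case: assumed simplification, sniff only when the header is missing.
    return declared or sniffed_type(body)


# Constructed sample bodies for a quick run.
HTML_BODY = b"<!DOCTYPE html><html><body>hi</body></html>"
JPEG_BODY = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def demo() -> dict:
    return {
        "html_no_ct_nosniff": effective_type(
            {"X-Content-Type-Options": "nosniff"}, HTML_BODY, is_document=True),
        "jpeg_no_ct_nosniff": effective_type(
            {"x-content-type-options": "NoSniff"}, JPEG_BODY, is_document=True),
        "jpeg_as_png_nosniff": effective_type(
            {"X-Content-Type-Options": "nosniff", "Content-Type": "image/png"},
            JPEG_BODY, is_document=True),
        "jpeg_img_tag_nosniff": effective_type(
            {"X-Content-Type-Options": "nosniff"}, JPEG_BODY, is_document=False),
        "html_no_ct_no_header": effective_type({}, HTML_BODY, is_document=True),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Running the module prints one line per case; the first three cases reproduce the three examples from the comment, the fourth shows the header having no effect on an image subresource, and the last shows what the sniffing fallback does when the header is absent altogether.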