# File lib/rack/protection/xss_header.rb, line 17
      def call(env)
        status, headers, body = @app.call(env)
        headers['X-XSS-Protection']       ||= "1; mode=#{options[:xss_mode]}" if html? headers
        headers['X-Content-Type-Options'] ||= 'nosniff'                       if options[:nosniff]
        [status, headers, body]
      end