1.3.0

• Added support for setting the X-Content-Type-Options header

1.2.0

• Added Content-Security-Policy (CSP) 1.0 support
• Added forced_ssl.whitelist property to define URLs that do not need to be force-redirected
• Fixed session loss bug on 404 URLs in the CookieSessionHandler