I'm glad to announce the v0.02 release of the ngx_xss module:
This module provides native cross-site scripting (XSS) support in nginx, and cross-site GET via JSONP in particular. Please visit the project homepage for more details:
This release fixes a nasty bug in Content-Type header handling. The previous version does not clear r->headers_out.content_type_lowcase which sadly prevents responses from being compressed by the ngx_http_gzip_filter_module if configured.
Thanks my teammate kindy++ for catching it in our production environment :P