From 36ca003633d0b5a0e44e54e942b44b2d722d8d73 Mon Sep 17 00:00:00 2001
From: Krishnananthalingam Tharmigan <63336800+TharmiganK@users.noreply.github.com>
Date: Mon, 30 Oct 2023 15:33:05 +0530
Subject: [PATCH] Add a comment regarding the change

---
 .../src/main/java/org/ballerinalang/net/http/HttpUtil.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java b/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java
index 5ee421a8fa0e..728d30220666 100644
--- a/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java
+++ b/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java
@@ -443,6 +443,9 @@ public static HttpCarbonMessage createErrorMessage(String payload, int statusCod
 if (payload != null) {
 payload = lowerCaseTheFirstLetter(payload);
 response.addHttpContent(new DefaultLastHttpContent(Unpooled.wrappedBuffer(payload.getBytes())));
+ // This header is added to block content sniffing in the old browsers where
+ // the response payload may contain executable scripts
+ // Related issue: ballerina-platform/ballerina-standard-library/issues/5088
 response.setHeader(X_CONTENT_TYPE_OPTIONS, NO_SNIFF);
 } else {
 response.addHttpContent(new DefaultLastHttpContent());
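Review bot: The new comment describes X-Content-Type-Options: nosniff as a mitigation for "old browsers", which understates why the header is there: current browsers honor it too, and it is what stops a caller-supplied error payload from being MIME-sniffed and interpreted as script or markup, so the wording should not suggest the header is legacy-only. A more accurate version of the three added lines is `// nosniff stops browsers from MIME-sniffing this error payload and treating it as script/markup;` `// the payload text may originate from untrusted input.` `// Related issue: ballerina-platform/ballerina-standard-library/issues/5088`. The context line above the comment calls `payload.getBytes()` with no charset, which on JDKs before 18 uses the platform default; stating the charset explicitly (`payload.getBytes(StandardCharsets.UTF_8)`) would make the emitted bytes match the declared content type regardless of host locale, though that is existing code rather than part of this change. The enclosing method createErrorMessage starts and ends outside the hunk.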