ehcache SimpleCachingHeadersPageCachingFilter adding X-XSS-Protection & X-Content-Type-Options

Developer https://www.devze.com 2023-04-10 09:41 Source: Internet
I have SimpleCachingHeadersPageCachingFilter configured in my web.xml and it works fine, but how would I go about adding some other stuff to the header like:

X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

I went to http://ehcache.org/documentation/user-guide/web-caching for more info but no luck.


Everything is in the code and in JavaDocs. For starters I would extend SimpleCachingHeadersPageCachingFilter and override buildPage():

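import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.ehcache.constructs.web.AlreadyGzippedException;
import net.sf.ehcache.constructs.web.Header;
import net.sf.ehcache.constructs.web.PageInfo;
import net.sf.ehcache.constructs.web.filter.SimpleCachingHeadersPageCachingFilter;

public class CustomHeadersPageCachingFilter extends SimpleCachingHeadersPageCachingFilter {

    @Override
    protected PageInfo buildPage(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws AlreadyGzippedException, Exception {
        // super.buildPage() renders the page and adds the standard caching headers
        PageInfo pageInfo = super.buildPage(request, response, chain);
        // Append the extra headers to the header list carried by the PageInfo
        pageInfo.getHeaders().add(new Header<String>("X-Content-Type-Options", "nosniff"));
        pageInfo.getHeaders().add(new Header<String>("X-XSS-Protection", "1; mode=block"));
        return pageInfo;
    }
}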

However JavaDoc for the method we are overriding states that:

To control your own caching headers, use {@link SimplePageCachingFilter}.

SimplePageCachingFilter is a base class of SimpleCachingHeadersPageCachingFilter, which we are extending right now. However, I think this comment suggests using the former class if we want to use completely different headers. If we want to keep the standard headers (added by the latter class via super.buildPage()), this approach seems valid.

Disclaimer: note that extending a class's behavior by subclassing it and overriding some methods, first calling the super version and then adding some logic, isn't the best OO technique.
