fix typo

docs/security-outro.html

@@ -76,7 +76,7 @@ <h3 id="user-content-miscellaneous">Miscellaneous</h3>
       </div>
       <div class="ph4 bg-white content">
         <h1 id="user-content-xss,-sniffing,-xframe">XSS, Sniffing, XFrame</h1><p>Common security headers help ensure your web application is secure, whether you run it behind nginx or not.</p><p>Coast by default attempts to protect your web app from <em>XSS</em> attacks, unwanted <em>iframe embeds</em>, and <em>content-type sniffing</em>.</p><h3 id="user-content-xss">XSS</h3><p>Coast by default passes this to <code>app</code> which results in the header <code>X-XSS-Protection=1; mode=block</code> being sent on every response.</p><pre><code class="clojure">{:security {:xss-protection {:enable? true, :mode :block}}}
-</code></pre><h3 id="user-content-no-sniff">No Sniff</h3><p>The majority of modern browsers attempts to detect the <em>Content-Type</em> of a request by sniffing its content, meaning a file ending in <em>.txt</em> could be executed as JavaScript if it contains JavaScript code.</p><p>This behavior is disabled by default with the map:</p><pre><code class="clojure">{:security {:content-type-options :nosniff}}
+</code></pre><h3 id="user-content-no-sniff">No Sniff</h3><p>The majority of modern browsers attempt to detect the <em>Content-Type</em> of a request by sniffing its content, meaning a file ending in <em>.txt</em> could be executed as JavaScript if it contains JavaScript code.</p><p>This behavior is disabled by default with the map:</p><pre><code class="clojure">{:security {:content-type-options :nosniff}}
 </code></pre><h3 id="user-content-xframe">XFrame</h3><p>Coast also makes it easy for you to control the embed behavior of your website inside an iframe.</p><p>Available options are <code>:deny</code>, <code>:same-origin</code> or <code>:allow-from &#91;http://example.com&#93;</code>:</p><p>The default is <code>:deny</code></p><pre><code class="clojure">{:security {:frame-options  :deny}}
 </code></pre>
       </div>