Technically the HTTP headers are enough (beside content-type you also need x-gwt-permutation). But given that you can not control the client browser and the plugins installed you might want to implement some extra hurdles in case the client actually has a security issue.--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To post to this group, send email to email@example.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.