Add to the list of HTTP headers that don't overwrite in 304 responses.

net/http/http_response_headers_unittest.cc

Index: net/http/http_response_headers_unittest.cc
diff --git a/net/http/http_response_headers_unittest.cc b/net/http/http_response_headers_unittest.cc
index 28d97dd89888d65c96675e5d5e91e7b18cac7666..fde98b5b645dcfe4cee88d7c5c5cd07d5dd97ac1 100644
--- a/net/http/http_response_headers_unittest.cc
+++ b/net/http/http_response_headers_unittest.cc
@@ -922,6 +922,40 @@ TEST(HttpResponseHeadersTest, Update) {
       "Cache-control: max-age=10001\n"
       "Content-Length: 450\n"
     },
+    { "HTTP/1.1 200 OK\n"
+      "X-Frame-Options: DENY\n",
+
+      "HTTP/1/1 304 Not Modified\n"
+      "X-Frame-Options: ALLOW\n",
+
+      "HTTP/1.1 200 OK\n"
+      "X-Frame-Options: DENY\n",
+    },
+    { "HTTP/1.1 200 OK\n"
+      "X-WebKit-CSP: default-src 'none'\n",
+
+      "HTTP/1/1 304 Not Modified\n"
+      "X-WebKit-CSP: default-src *\n",
+
+      "HTTP/1.1 200 OK\n"
+      "X-WebKit-CSP: default-src 'none'\n",
+    },
+    { "HTTP/1.1 200 OK\n"
+      "X-XSS-Protection: 1\n",
+
+      "HTTP/1/1 304 Not Modified\n"
+      "X-XSS-Protection: 0\n",
+
+      "HTTP/1.1 200 OK\n"
+      "X-XSS-Protection: 1\n",
+    },
+    { "HTTP/1.1 200 OK\n",
+
+      "HTTP/1/1 304 Not Modified\n"
+      "X-Content-Type-Options: nosniff\n",
+
+      "HTTP/1.1 200 OK\n"
+    },
   };
 
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {