How do I make my CSS and JS files send HTTP response header

We did a penetration testing on a web app created in Laravel 4. One of the findings is "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'". The PHP code below sends the HTTP header for the sniffing issue,

header('X-Content-Type-Options: nosniff');

Our second penetration testing showed the same findings for CSS and JS files. How do I get my CSS and JS files to send the same header? Or is there a way for me to have all files requesed send the HTTP header.

---

I've checked out this resource, https://kb.sucuri.net/warnings/hardening/headers-x-content-type. Following the instructions, I added the following codes on .htaccess

<IfModule mod_headers.c>
    Header set X-Content-Type-Options nosniff
</IfModule>

On Chrome Tools > Network, all CSS and JS files send the header

链接地址: http://www.djcxy.com/p/45802.html

上一篇: 如何设置X

下一篇: 如何让我的CSS和JS文件发送HTTP响应头