How do I make my CSS and JS files send HTTP response header
We did a penetration testing on a web app created in Laravel 4. One of the findings is "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'". The PHP code below sends the HTTP header for the sniffing issue,
header('X-Content-Type-Options: nosniff');
Our second penetration testing showed the same findings for CSS and JS files. How do I get my CSS and JS files to send the same header? Or is there a way for me to have all files requesed send the HTTP header.
I've checked out this resource, https://kb.sucuri.net/warnings/hardening/headers-x-content-type. Following the instructions, I added the following codes on .htaccess
<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>
On Chrome Tools > Network, all CSS and JS files send the header
链接地址: http://www.djcxy.com/p/45802.html上一篇: 如何设置X