reference article http://www.51testing.com/html/92/n-3693092.html
http://www.freebuf.com/articles/web/66827.html
1.X-Content-type-options
method:
http://www.freebuf.com/articles/web/66827.html
1.X-Content-type-options
method:
header("X-Content-type-options:nosiff");
it make style must be text/css,script must be JavaScript MIME type Which I don't completely understand.
Question :
how to use meta tage to add it. it's not useful below content
<meta http-equiv="Content-Type" Content="X-Content-type-options=nosiff">