Why this matters
Correct MIME types ensure proper rendering, security, and cache behavior.
Serve assets with accurate Content-Type (e.g., text/css, application/javascript, image/avif, image/webp, font/woff2, image/svg+xml) and include charset for text types. Do not default to text/plain or application/octet-stream.
Correct MIME types ensure proper rendering, security, and cache behavior.
Side-by-side examples engineers can pattern-match during review.
Content-Type: application/octet-stream
/ for .css/.js /Content-Type: text/css; charset=utf-8
/ for .css */Content-Type: font/woff2Content-Type: text/plain // for .jsFrom the same buckets as this rule.
All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.
Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).