My client want me to fix Web App vulnerability of My Web App
below is message about vulnerability of My Web App
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'
This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a >Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown
I think you can achieve it on Tomcat level by the following steps: