CSS and JS MIME Type wrong

CranjisMcBasketball · December 2, 2025, 11:13pm

This is very much a config thing I’m totally missing since this is the first time Im using BunkerWeb for a reverse proxy. Currently I’m just using IIS reverse proxy completely vanilla settings and I’ not having these weird MIME type issues with all browsers.

I made a new service, left all settings from the low security template and setup basic auth, basic auth works fine, just these MIME type issues browser side. Something with the BunkerWeb settings I’m completely missing since I have no clue what to look for. nosniff is set, CORS is set to * and referal is sameorigin.

I would be EXTREMELY thankfully if someone has come across this or knows what I need to tweak to get it happy. This is the only issue I’ve had so far, really like the system but obviously CSS and JS files not loading in browsers is a show stopper so far for wanting to move from IIS to Bunkerweb’s system

theophile_bunkerity · December 3, 2025, 6:35am

Hi @CranjisMcBasketball,

Try configuring these settings:

KEEP_UPSTREAM_HEADERS=*
X_CONTENT_TYPE_OPTIONS=

Here’s some details about the behavior: https://stackoverflow.com/a/53062522

CranjisMcBasketball · December 3, 2025, 5:18pm

keep upstream was set to *, nosniff was removed like your example - still no change. Did a fiddler inspection to verify if Bunkerweb is actually making the change:

I see nosniff when basic auth is being done(fiddler capture):

{5AE3F827-BDD7-48FE-9923-18D4FF3F7670}

After basic auth is successful:

I’m going to assume it’s related to nosniff being sent to the browser during basic auth and the browser just keeps that in mind for the session since it’s not sent back to client from server after login is successful?

theophile_bunkerity · December 4, 2025, 7:35am

Hi @CranjisMcBasketball,

Indeed this is likely a browser cache shenanigan.