When I use the Audits section in Chrome/Safari, I get the following message regarding a page that does what the code shows.
The following publicly cacheable resources contain a Set-Cookie header. This security vulnerability can cause cookies to be shared by multiple users.
```php
<?php
header('Content-type: text/css');
header('Cache-Control: max-age=1209600'); // 2 weeks
header('Pragma: ');

// Validators derived from this script file
$mtime = filemtime($_SERVER['SCRIPT_FILENAME']);
$lastModified = gmdate('D, d M Y H:i:s', $mtime).' GMT';
header('Last-Modified: '.$lastModified);
$etag = md5_file($_SERVER['SCRIPT_FILENAME']);
header('Etag: '.$etag);

// Conditional GET: compare timestamps as integers, not a timestamp against the formatted date string
$ifModified = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $mtime;
$ifNone = isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag;
if ($ifModified || $ifNone) {
    header('HTTP/1.1 304 Not Modified');
    exit;
}
// print combined CSS or JS
exit;
```
What should I do here to completely remove cookies from these resources to stop this message (and close a potential hole)?
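
An added example (not part of the original post): a PHP check that mirrors the audit rule quoted above, plus a helper that drops queued `Set-Cookie` headers before a cacheable asset is sent. The function names are hypothetical, the sample headers are constructed, and it assumes the cookie is queued by PHP itself (for example by a session started in a shared include) rather than added by the web server.

```php
<?php
// Added example, not the asker's code; function names are hypothetical.

/**
 * Mirror of the audit rule: true when a response carries Set-Cookie and its
 * Cache-Control lets a shared cache store it. $headers is a list of raw
 * "Name: value" lines, the shape headers_list() returns.
 * Simplification: only explicit public / max-age / s-maxage count as cacheable.
 */
function cacheable_with_cookie(array $headers): bool
{
    $hasCookie = false;
    $cacheControl = '';
    foreach ($headers as $line) {
        $parts = explode(':', $line, 2);
        $name = strtolower(trim($parts[0]));
        $value = strtolower($parts[1] ?? '');
        if ($name === 'set-cookie') {
            $hasCookie = true;
        } elseif ($name === 'cache-control') {
            $cacheControl .= ',' . $value;
        }
    }
    // Directives that keep a shared cache from storing or reusing the response.
    $blocked = preg_match('/\b(private|no-store|no-cache)\b/', $cacheControl) === 1;
    $storable = preg_match('/\b(public|s-maxage|max-age)\b/', $cacheControl) === 1;
    return $hasCookie && $storable && !$blocked;
}

/** Drop Set-Cookie headers PHP has queued; call right before sending the asset. */
function strip_queued_cookies(): void
{
    if (!headers_sent()) {
        header_remove('Set-Cookie');
    }
}

// Constructed sample: the headers from the question plus a session cookie.
$sample = [
    'Content-type: text/css',
    'Cache-Control: max-age=1209600',
    'Set-Cookie: PHPSESSID=constructed-example; path=/',
];
echo cacheable_with_cookie($sample) ? "flagged\n" : "clean\n";

// Same response with the cookie line removed, as strip_queued_cookies() would leave it.
echo cacheable_with_cookie(array_slice($sample, 0, 2)) ? "flagged\n" : "clean\n";
```

`strip_queued_cookies()` has to run after any include that may start a session and before the first byte of output; `cacheable_with_cookie(headers_list())` can then confirm the result during testing.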