Best way to set security headers for only HTML files

There’s no way to match on the response type in this case, so you’ll need to match on the request. You could use a rule like `not path *.css *.js *.png *.jpg` or something which would apply the headers only when the path isn’t one of those known file types.
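
The rule from the reply above, written out as a complete site block. This is an added example, not part of the original post, and it assumes the server is Caddy v2, whose matcher syntax the reply uses. The site address, root path, matcher name and header values are placeholders.

```caddyfile
# Placeholder site address and document root.
example.com {
	root * /srv/www

	# Named matcher (name is arbitrary): true for every request whose path
	# does NOT end in one of the listed static-asset extensions. This is a
	# request-side test, so extensionless routes such as / or /about match.
	@notAsset not path *.css *.js *.png *.jpg

	# Headers are only set on requests selected by the matcher.
	header @notAsset {
		# Sample values; replace with the policy the site actually needs.
		Content-Security-Policy "default-src 'self'"
		X-Frame-Options "DENY"
		Referrer-Policy "no-referrer"
	}

	file_server
}
```

Because the match is on the request path rather than the response type, any asset extension missing from the list (for example fonts or SVGs) will also receive these headers, so extend the list to cover every static type the site serves.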