Content Type is not specified

Description

The Content-Type header is not specified. If the response does not define a content type, the browser will usually analyze the response and attempt to determine the MIME type of its content.

Business Impact

Because the browser, not the application, decides how the content is interpreted, this could lead to unexpected results, and could also lead to cross-site scripting or other client-side vulnerabilities.

Recommendation

The application should include a single Content-Type header that correctly and unambiguously states the MIME type of the content in the response body for every response containing a message body.
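One way to check responses against this recommendation, as an added example that is not Kayran's own code: the function below audits a raw HTTP/1.1 response and reports a missing, repeated or malformed Content-Type header when a body is present. The function name, the finding strings and the sample responses are constructed for illustration, and obsolete header line folding is assumed not to occur.

```python
import re

# type "/" subtype, both built from HTTP token characters
MEDIA_TYPE = re.compile(r"[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+")

def audit_content_type(raw: bytes) -> list:
    """Return findings for one raw HTTP/1.1 response (empty list = compliant)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
    values = [v for k, v in headers if k.lower() == "content-type"]
    # 1xx, 204 and 304 responses never carry a message body
    if not body or status < 200 or status in (204, 304):
        return []
    findings = []
    if not values:
        findings.append("missing Content-Type")
    elif len(values) > 1:
        findings.append("multiple Content-Type headers")
    for v in values:
        media = v.split(";", 1)[0].strip()  # drop parameters such as charset
        if not MEDIA_TYPE.fullmatch(media):
            findings.append(f"malformed Content-Type value: {v!r}")
    return findings

# Constructed sample responses (not captured traffic)
SAMPLES = {
    "ok": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>hello</p>",
    "missing": b"HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n<html><body>report</body></html>",
    "duplicate": (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                  b"Content-Type: text/html\r\n\r\n<p>hello</p>"),
    "empty": b"HTTP/1.1 200 OK\r\nContent-Type: \r\n\r\n{\"a\": 1}",
    "no_body": b"HTTP/1.1 204 No Content\r\nServer: demo\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} {audit_content_type(raw) or 'compliant'}")
```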

More Details

The Content-Type representation header is used to indicate the original media type of the resource.
In responses, a Content-Type header provides the client with the actual content type of the returned content. Browsers may ignore this header's value when they perform MIME sniffing.

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type
