Content Type is not specified

Description

During the scan, Kayran found that the Content-Type representation header is not specified. If a response does not declare a content type, the browser will usually inspect the response body and attempt to guess (sniff) the MIME type of its content.

This can produce unexpected results and can also lead to cross-site scripting (XSS) or other client-side vulnerabilities.

The Content-Type representation header indicates the original media type of the resource.
In responses, a Content-Type header tells the client the actual content type of the returned content. Browsers may still ignore this value, for example when they perform MIME sniffing.

Recommendation

The application should include a single Content-Type header that correctly and unambiguously states the MIME type of the content in the response body for every response containing a message body.
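As an added example (not Kayran's scanner code), a small Python checker that applies the recommendation above to raw HTTP responses: it flags a response that has a message body but no Content-Type header, more than one, or a malformed value. The X-Content-Type-Options: nosniff check goes beyond the page's recommendation, and the sample responses are constructed.

```python
from __future__ import annotations
import re

# Constructed sample responses (not captured from any real system).
BODY = b"<html><body>hello</body></html>"
MISSING = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(BODY) + BODY
DUPLICATE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"Content-Type: text/plain\r\nContent-Length: %d\r\n\r\n" % len(BODY) + BODY)
GOOD = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
        b"X-Content-Type-Options: nosniff\r\nContent-Length: %d\r\n\r\n" % len(BODY) + BODY)
NO_BODY = b"HTTP/1.1 204 No Content\r\n\r\n"

# A media type is "type/subtype"; parameters such as charset follow a ";".
MEDIA_TYPE = re.compile(r"[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+")


def audit_content_type(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.x response (empty list = clean)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    header_lines = head.decode("latin-1").split("\r\n")[1:]  # skip status line
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))

    findings: list[str] = []
    if not body:
        return findings  # no message body (e.g. 204/304): header not required

    values = [v for n, v in headers if n == "content-type"]
    if not values:
        findings.append("missing Content-Type on a response with a body")
    elif len(values) > 1:
        findings.append("multiple Content-Type headers: " + ", ".join(values))
    else:
        media_type = values[0].split(";", 1)[0].strip()
        if not MEDIA_TYPE.fullmatch(media_type):
            findings.append(f"malformed Content-Type value: {values[0]!r}")

    # Beyond the page's recommendation: nosniff tells browsers to honour
    # the declared type instead of sniffing the body.
    if ("x-content-type-options", "nosniff") not in [(n, v.lower()) for n, v in headers]:
        findings.append("X-Content-Type-Options: nosniff not set")
    return findings


if __name__ == "__main__":
    samples = [("MISSING", MISSING), ("DUPLICATE", DUPLICATE), ("GOOD", GOOD), ("NO_BODY", NO_BODY)]
    for label, resp in samples:
        print(label, audit_content_type(resp) or "clean")
```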

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type

https://cwe.mitre.org/data/definitions/16.html
