Content Type is not specified

Description

During the scan, Kayran found that the Content-Type representation header is not specified in the response. If a response does not declare a content type, the browser will usually inspect the body and guess (sniff) the MIME type of its content.

This can produce unexpected results and, because the browser may decide to treat the response as HTML, can also lead to cross-site scripting (XSS) or other client-side vulnerabilities.

The Content-Type representation header indicates the original media type of the resource.
In responses, a Content-Type header tells the client the actual content type of the returned content. Browsers may still ignore this value when they perform MIME sniffing; sending X-Content-Type-Options: nosniff prevents that behaviour.

Recommendation

The application should send exactly one Content-Type header that correctly and unambiguously states the MIME type of the content in the response body, for every response that contains a message body.
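As an added example (not Kayran's own code or scanner output), the Python below parses raw HTTP/1.x responses and reports the conditions this finding and the recommendation describe: a response body with no Content-Type, more than one Content-Type header, a malformed media type, and a missing X-Content-Type-Options: nosniff header. The sample responses are constructed for the demonstration; the function names are this example's own.

```python
# Added example: audit raw HTTP responses for Content-Type problems.
# Not Kayran's own code. Sample responses below are constructed.


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_line, headers, body).

    headers is a list of (lowercased name, value) pairs so that duplicate
    headers are preserved instead of being collapsed into a dict.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def audit_content_type(raw: bytes) -> list:
    """Return a list of findings for one response (empty when it is fine)."""
    _, headers, body = parse_response(raw)
    findings = []
    if not body:
        # No message body, so no Content-Type is required (e.g. 204, 304).
        return findings

    ct_values = [v for n, v in headers if n == "content-type"]
    if not ct_values:
        findings.append("missing Content-Type on response with a body")
    elif len(ct_values) > 1:
        findings.append("multiple Content-Type headers: " + ", ".join(ct_values))
    else:
        # "type/subtype; param=value" -> keep only the media type part
        media_type = ct_values[0].split(";")[0].strip()
        if "/" not in media_type:
            findings.append(f"malformed media type {media_type!r}")

    # Even a correct Content-Type can be second-guessed by a sniffing browser
    # unless the response also carries X-Content-Type-Options: nosniff.
    xcto = [v.lower() for n, v in headers if n == "x-content-type-options"]
    if xcto != ["nosniff"]:
        findings.append("X-Content-Type-Options: nosniff not set")
    return findings


# Constructed sample responses (no Content-Length, bodies are short).
SAMPLE_MISSING = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example\r\n"
    b"\r\n"
    b'{"name": "<b>alice</b>"}'
)

SAMPLE_DUPLICATE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"hello"
)

SAMPLE_OK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json; charset=utf-8\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"\r\n"
    b'{"name": "<b>alice</b>"}'
)

SAMPLE_NO_BODY = b"HTTP/1.1 204 No Content\r\nServer: example\r\n\r\n"


def audit_samples() -> dict:
    """Audit every constructed sample and return {label: findings}."""
    samples = {
        "missing": SAMPLE_MISSING,
        "duplicate": SAMPLE_DUPLICATE,
        "ok": SAMPLE_OK,
        "no_body": SAMPLE_NO_BODY,
    }
    return {label: audit_content_type(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, findings in audit_samples().items():
        print(f"{label}: {findings or 'no findings'}")
```

The same check can be run over responses captured from a proxy or a crawler: feed each raw response to audit_content_type and triage anything that returns a non-empty list, which mirrors the single, unambiguous Content-Type that the recommendation asks for.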

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type

https://cwe.mitre.org/data/definitions/16.html
