Content Type is not specified

Description

During the scan, Kayran found that the Content-Type representation header is not specified. If a response does not define a content type, the browser will usually inspect the response body itself and attempt to guess (sniff) the MIME type of its content.

This can produce unexpected results and may also lead to cross-site scripting (XSS) or other client-side vulnerabilities, since the browser may interpret the content as a type the application never intended.

The Content-Type representation header is used to indicate the original media type of the resource.
In responses, a Content-Type header tells the client the actual content type of the returned content. Browsers may nonetheless ignore this value and sniff the content themselves.

Recommendation

The application should include a single Content-Type header that correctly and unambiguously states the MIME type of the content in the response body, for every response that contains a message body.
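As an added check (not Kayran's scanner logic), the following Python audits a raw HTTP response for the problems described above: a missing or duplicated Content-Type on a response with a body, a text type without a charset, and the absence of the X-Content-Type-Options: nosniff header that stops browsers from sniffing. The sample responses are constructed inline.

```python
"""Audit a raw HTTP/1.1 response for Content-Type weaknesses (added example)."""
from __future__ import annotations


def parse_response(raw: bytes) -> tuple[str, list[tuple[str, str]], bytes]:
    """Split a raw response into status line, lower-cased header pairs and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def audit_content_type(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means no issue was detected."""
    _status, headers, body = parse_response(raw)
    findings = []
    ctypes = [v for n, v in headers if n == "content-type"]
    if body:  # only responses carrying a message body need a Content-Type
        if not ctypes:
            findings.append("Content-Type header missing")
        elif len(ctypes) > 1:
            findings.append("multiple Content-Type headers (ambiguous)")
        else:
            ctype = ctypes[0].lower()
            if ctype.startswith("text/") and "charset=" not in ctype:
                findings.append("text Content-Type without charset")
    nosniff = [v for n, v in headers if n == "x-content-type-options"]
    if not any(v.lower() == "nosniff" for v in nosniff):
        findings.append("X-Content-Type-Options: nosniff missing (browser may sniff)")
    return findings


# Constructed sample responses (not captured from any real host).
WEAK = (b"HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n"
        b"<html><body>hello</body></html>")
FIXED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
         b"X-Content-Type-Options: nosniff\r\n\r\n"
         b"<html><body>hello</body></html>")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_content_type(resp) or ["no findings"])
```

The same function can be pointed at responses captured from the scanned application to confirm the fix has been applied on every route that returns a body.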

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type

https://cwe.mitre.org/data/definitions/16.html
