Description
The Content-Type header is not specified. If the response does not define a content type, the browser will usually analyze the response and attempt to determine the MIME type of its content.
Business Impact
The browser may interpret the content as a type the application did not intend. This could lead to unexpected results, and could also lead to cross-site scripting or other client-side vulnerabilities.
Recommendation
The application should include a single Content-Type header that correctly and unambiguously states the MIME type of the content in the response body for every response containing a message body.
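One way to check responses against this recommendation, as an added example that is not part of the original finding: it flags responses with a body that have no Content-Type header, more than one, or a value that is not a `type/subtype` media type. The function name `audit_content_type` and the sample responses are hypothetical and constructed for illustration.

```python
import re

# type "/" subtype built from RFC 9110 token characters, optional ;parameters
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}\s*(;.*)?$")
_NO_BODY_STATUS = {204, 304}


def audit_content_type(raw_response: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.1 response (hypothetical helper)."""
    head, _, body = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    # Keep every occurrence: a dict would silently hide duplicate headers.
    values = [
        value.strip()
        for name, _, value in (line.partition(":") for line in lines[1:])
        if name.strip().lower() == "content-type"
    ]
    if not body or status in _NO_BODY_STATUS or 100 <= status < 200:
        return []  # no message body, so the recommendation does not apply
    if not values:
        return ["missing Content-Type: browser may sniff the body"]
    findings = []
    if len(values) > 1:
        findings.append(f"{len(values)} Content-Type headers: {values}")
    for value in values:
        if not _MEDIA_TYPE.match(value):
            findings.append(f"malformed Content-Type value: {value!r}")
    return findings


# Constructed sample responses (not captured from a real application).
SAMPLES = {
    "ok": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>hi</p>",
    "missing": b"HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n<p>hi</p>",
    "duplicate": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\ncontent-type: text/html\r\n\r\nx",
    "malformed": b"HTTP/1.1 200 OK\r\nContent-Type: html\r\n\r\n<p>hi</p>",
    "no_body": b"HTTP/1.1 204 No Content\r\nServer: demo\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_content_type(raw))
```

The check only validates the header's presence and syntax; whether the declared type matches the actual body still has to be reviewed per endpoint.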
More Details
The Content-Type representation header is used to indicate the original media type of the resource.
In responses, a Content-Type header provides the client with the actual content type of the returned content. Browsers may ignore this header’s value, for example when they perform MIME sniffing.
Reference
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type