Missing content-type header

firetail:missing-content-type

Type:

Observation

Rule Severity:

Low

Content type header is missing.

Remediation

Ensure that the server correctly sets the content-type header for responses.

Example Attack Scenario

Injection Attacks: Without the Content-Type header specifying text/html or application/json, browsers or applications can incorrectly interpret response data and Cross-Site Scripting (XSS) can occur. This ambiguity can be exploited by attackers to inject malicious scripts, which execute within the context of other users' sessions, leading to unauthorized actions or data theft.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Average combined header size reduced
Plaintext digest authentication
Field duplication
SQL Injection found in logs
Undocumented HTTP status code
Missing rate limit headers