Undefined Content-Type Header
- CWE 16
- WASC 15
- OWASP 2013-A5
- OWASP 2017-A6
The Content-Type header is undefined, which means the website might be at risk of MIME-sniffing attacks.
Remediation
Send the appropriate Content-Type header matching the type of the resource.
Send the X-Content-Type-Options header with its only valid value, "nosniff". It is a way to say that the webmasters knew what they were doing, so the browser should follow the declared Content-Type instead of sniffing the content.
X-Content-Type-Options: nosniff
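As an added example (not part of the original page), the Python function below checks one HTTP response against both remediation items. The function name, the finding labels and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit one response for the two remediation items above.
# Responses with these statuses carry no content, so no Content-Type is expected.
NO_BODY_STATUSES = {204, 304}


def audit_headers(status, headers, body_length):
    """Return a list of finding labels (hypothetical names) for one response.

    headers is a list of (name, value) tuples; header names are case-insensitive.
    """
    # Fold names to lower case and keep every value, since a header may repeat.
    folded = {}
    for name, value in headers:
        folded.setdefault(name.strip().lower(), []).append(value.strip())

    findings = []
    has_body = body_length > 0 and status >= 200 and status not in NO_BODY_STATUSES
    ctype = folded.get("content-type", [])
    if has_body:
        if not ctype or not ctype[0]:
            # Absent or empty: the browser is left to guess the type.
            findings.append("undefined-content-type")
        elif "/" not in ctype[0].split(";")[0]:
            # A media type must look like type/subtype; parameters follow ';'.
            findings.append("malformed-content-type")

    xcto = folded.get("x-content-type-options", [])
    if not xcto:
        findings.append("missing-nosniff")
    elif any(v.lower() != "nosniff" for v in xcto):
        # Strict on purpose: anything other than a plain "nosniff" is reported.
        findings.append("invalid-nosniff-value")
    return findings


# Constructed sample responses: (status, headers, body length in bytes).
SAMPLES = [
    (200, [("Content-Type", "text/html; charset=utf-8"),
           ("X-Content-Type-Options", "nosniff")], 120),
    (200, [("X-Content-Type-Options", "nosniff")], 120),
    (200, [("content-type", "")], 10),
    (204, [("X-Content-Type-Options", "NoSniff")], 0),
    (200, [("Content-Type", "html"), ("X-Content-Type-Options", "none")], 5),
]

if __name__ == "__main__":
    for status, headers, length in SAMPLES:
        print(status, headers, "->", audit_headers(status, headers, length) or "ok")
```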