Description

The application does not define the Content-Type header in the server responses.

Impact

Lead to unexpected behaviors due to content type misinterpretations.

Recommendation

Define explicitly the content types allowed by the application.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes