Description

These page(s) does not set a Content-Type header value. This value informs the browser what kind of data to expect. If this header is missing, the browser may incorrectly handle the data. This could lead to security problems.

Remediation

Set a Content-Type header value for these page(s).

References

Missing Content-Type Header Detected on Web Application - Invicti

Related Vulnerabilities

Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability

Unrestricted access to ImageResizer Diagnotics plugin

[Possible] Password Transmitted over Query String

RoR Database Configuration File Detected

Deprecated Header Instruction Used to Implement Content Security Policy (CSP)

Severity

Low

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration