Content Type Header Missing

By Nash N Sulthan
Published on 02 Jul 2018
Vulnerability

The Content-Type header indicates the media type of a resource. In a response, it tells the client what kind of content to expect from the server.

Many web applications do not set a Content-Type header value. This value informs the browser what kind of data to expect. If the header is missing, the browser may handle the data incorrectly. This could lead to security problems such as man-in-the-middle attacks.

Example

The following are examples of Content-Type headers.

        Content-Type: text/html; charset=utf-8
        Content-Type: multipart/form-data; boundary=something

    

Impact

The impact includes:

  • Man in the middle attacks

Mitigation / Precaution

Beagle recommends the following fixes:

  • Make sure to add a Content-Type header value.
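
One way to verify this fix in a test suite, shown as an added example rather than code from Beagle or the original article: a check that parses raw HTTP responses and reports a missing, empty or malformed Content-Type. The function name, finding messages and sample responses are constructed for illustration; the charset check and the exemption for body-less status codes go beyond the single recommendation above.

```python
from email.parser import Parser

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "ok": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>hi</p>",
    "missing": "HTTP/1.1 200 OK\r\nServer: example\r\n\r\n<p>hi</p>",
    "empty": "HTTP/1.1 200 OK\r\nContent-Type:\r\n\r\n<p>hi</p>",
    "malformed": "HTTP/1.1 200 OK\r\nContent-Type: html\r\n\r\n<p>hi</p>",
    "no_charset": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>hi</p>",
    "no_body": "HTTP/1.1 204 No Content\r\nServer: example\r\n\r\n",
}

BODYLESS = {204, 304}  # these status codes never carry content


def audit_content_type(raw: str) -> list[str]:
    """Return findings about the Content-Type header of one raw HTTP response."""
    head, _, _ = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    if status in BODYLESS or 100 <= status < 200:
        return []  # no content, so there is no media type to declare
    # HTTP header fields use the same "Name: value" syntax the email parser reads.
    headers = Parser().parsestr(header_block, headersonly=True)
    value = headers["Content-Type"]
    if value is None:
        return ["Content-Type header missing"]
    if not value.strip():
        return ["Content-Type header present but empty"]
    media_type = value.split(";")[0].strip().lower()
    main, _, sub = media_type.partition("/")
    if not main or not sub:
        return [f"Content-Type is not type/subtype: {value!r}"]
    if main == "text" and headers.get_param("charset") is None:
        return [f"{media_type} response has no charset parameter"]
    return []


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {audit_content_type(raw) or 'OK'}")
```
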

Written by Nash N Sulthan, Cyber Security Lead Engineer