Content Type Header Missing

By Nash N Sulthan
Published on 02 Jul 2018
Vulnerability

The Content-Type header indicates the media type of a resource. It tells the client what kind of content to expect from the server.

Many web applications do not set a Content-Type header value. This value informs the browser what kind of data to expect. If the header is missing, the browser may handle the data incorrectly. This could lead to security problems such as man-in-the-middle attacks.

Example

The following are examples of Content-Type header values.

        Content-Type: text/html; charset=utf-8
        Content-Type: multipart/form-data; boundary=something

    

Impact

The impact includes:

  • Man-in-the-middle attacks

Mitigation / Precaution

Beagle recommends the following fixes:

  • Make sure every response includes a Content-Type header value.
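
One way to enforce this fix in a Python web application, shown as an added example that is not part of the original article and is not Beagle's code: a WSGI middleware that supplies a default Content-Type when the application omits one and records the paths that did so. The class name `ContentTypeGuard`, the `application/octet-stream` default and the sample app are assumptions made for illustration.

```python
import logging

log = logging.getLogger("content_type_guard")

# Assumption: untyped content is served as an opaque download, not rendered.
DEFAULT_TYPE = "application/octet-stream"
# Statuses that never carry a body, so no Content-Type is required.
BODYLESS = {"204", "304"}


class ContentTypeGuard:
    """WSGI middleware: every response that can carry a body gets a Content-Type."""

    def __init__(self, app, default_type=DEFAULT_TYPE):
        self.app = app
        self.default_type = default_type
        self.missing = []  # paths whose handler sent no Content-Type

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")

        def guarded_start(status, headers, exc_info=None):
            code = status.split(" ", 1)[0]
            has_type = any(
                name.lower() == "content-type" and value.strip()
                for name, value in headers
            )
            if not has_type and code not in BODYLESS and not code.startswith("1"):
                # Drop an empty Content-Type, if present, then add the default.
                headers = [(n, v) for n, v in headers if n.lower() != "content-type"]
                headers.append(("Content-Type", self.default_type))
                self.missing.append(path)
                log.warning("no Content-Type from %s; set %s", path, self.default_type)
            return start_response(status, headers, exc_info)

        return self.app(environ, guarded_start)


# Constructed sample app: "/report" forgets the header, every other path sets it.
def sample_app(environ, start_response):
    if environ.get("PATH_INFO") == "/report":
        start_response("200 OK", [("Content-Length", "2")])
        return [b"{}"]
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<p>ok</p>"]
```

The `missing` list and the warning log identify the handlers to fix at the source; the default only keeps untyped responses from reaching the browser in the meantime.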

Written by
Nash N Sulthan
Cyber Security Lead Engineer