Content-Type Header Missing
Reference
Plugin Id: 10019 | CWE: 345
Remediation
Ensure that all HTTP responses include a properly configured Content-Type header that accurately reflects the type of content being served.
- Configure web server: Set up your web server to automatically include appropriate Content-Type headers for different file types.
- Application-level headers: Ensure your application explicitly sets Content-Type headers in dynamic responses.
- Review static content: Verify that static files are served with correct MIME types.
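One way to verify the steps above is to audit responses for a missing or empty Content-Type. This is an added example, not code from the scanner or its documentation; the function names and sample responses are constructed, and skipping responses that carry no body is an assumption of the example.

```python
# Added example: flag HTTP responses that carry a body but no usable Content-Type.
# Function names and sample responses are constructed for illustration.

BODILESS_STATUS = {204, 304}  # these responses carry no body, so no type is needed


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; keep the last value seen.
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def content_type_finding(raw: bytes):
    """Return 'missing', 'empty', or None when the response is acceptable."""
    status, headers, body = parse_response(raw)
    if status in BODILESS_STATUS or 100 <= status < 200 or not body:
        return None  # no body, so there is nothing for a client to sniff
    if "content-type" not in headers:
        return "missing"
    if not headers["content-type"]:
        return "empty"
    return None


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "/ok.html": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>hi</p>",
    "/upload/a": b"HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n<p>user file</p>",
    "/api/v1": b"HTTP/1.1 200 OK\r\nContent-Type:\r\n\r\n{\"a\": 1}",
    "/ping": b"HTTP/1.1 204 No Content\r\nServer: demo\r\n\r\n",
}


def audit(samples):
    """Map each path to its finding, omitting acceptable responses."""
    results = {path: content_type_finding(raw) for path, raw in samples.items()}
    return {path: finding for path, finding in results.items() if finding}


if __name__ == "__main__":
    for path, finding in audit(SAMPLES).items():
        print(f"{path}: Content-Type {finding}")
```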
About
The Content-Type header informs browsers and other clients about the type of data being transmitted in the HTTP response. When this header is missing or empty, browsers may attempt to guess the content type, which can lead to security vulnerabilities and rendering issues.
Risks
Medium: Missing Content-Type headers can lead to content sniffing attacks, incorrect content rendering, and potential security vulnerabilities where malicious content is interpreted differently than intended.