StackHawk Documentation

Charset Mismatch

Reference
Plugin ID: 90011
CWE: 436
WASC: 15
Unknown / Passive / Security Misconfiguration

Remediation

  1. Standardize charset: Use UTF-8 consistently in both HTTP Content-Type headers and HTML/XML declarations.
  2. Align header and content: Ensure the charset declared in HTTP headers matches the charset used in document meta tags or XML declarations.
  3. Server configuration: Configure web servers to always send consistent charset information in Content-Type headers.
  4. Validate encoding: Test that all text content is properly encoded and displayed with the declared charset.
  5. Remove conflicting declarations: Eliminate any conflicting charset declarations that might cause browser confusion.

About

Charset mismatch occurs when the character encoding declared in HTTP Content-Type headers differs from the encoding specified in HTML meta tags or XML declarations. This inconsistency can force browsers into content-sniffing mode, potentially leading to security vulnerabilities and display issues.
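The comparison described above can be run against your own responses to verify remediation steps 2 and 4. This is an added example, not StackHawk's or the scanner's own code. The function names and sample responses are constructed, and alias handling relies on Python's codec table, which is assumed to approximate how browsers treat charset aliases.

```python
import codecs
import re

_CHARSET = re.compile(r'charset\s*=\s*["\']?([\w.:-]+)', re.I)  # header value or <meta> tag
_META_TAG = re.compile(rb'<meta\b[^>]*>', re.I)
_XML_DECL = re.compile(rb'^\s*<\?xml\b[^>]*?\bencoding\s*=\s*["\']([\w.:-]+)', re.I)

def _norm(label):
    """Map aliases (utf8, UTF-8) to one name using Python's codec table."""
    try:
        return codecs.lookup(label).name
    except LookupError:
        return label.lower()  # unknown label: compare it literally

def declared_charsets(content_type, body):
    """Return {source: charset} for each declaration in header and body."""
    found = {}
    m = _CHARSET.search(content_type or "")
    if m:
        found["header"] = _norm(m.group(1))
    head = body[:4096]  # declarations belong at the start of the document
    m = _XML_DECL.search(head)
    if m:
        found["xml"] = _norm(m.group(1).decode("ascii"))
    for i, tag in enumerate(_META_TAG.findall(head)):
        m = _CHARSET.search(tag.decode("ascii", "replace"))
        if m:
            found[f"meta[{i}]"] = _norm(m.group(1))
    return found

def charset_findings(content_type, body):
    """Findings for one HTML/XML response; an empty list means consistent."""
    found = declared_charsets(content_type, body)
    findings = []
    if "header" not in found:
        findings.append("Content-Type header declares no charset")
    if len(set(found.values())) > 1:
        detail = ", ".join(f"{k}={v}" for k, v in sorted(found.items()))
        findings.append("conflicting declarations: " + detail)
    return findings

# Constructed sample responses (not captured traffic)
SAMPLES = [
    ("text/html; charset=UTF-8", b'<html><head><meta charset="utf8"></head></html>'),
    ("text/html; charset=UTF-8", b'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">'),
    ("application/xml", b'<?xml version="1.0" encoding="UTF-8"?><r/>'),
]
for ctype, body in SAMPLES:
    print(ctype, "->", charset_findings(ctype, body) or "consistent")
```

The first sample passes because `utf8` and `UTF-8` are aliases of the same encoding; the second and third each produce one finding.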

Risks

Medium: Charset mismatches can enable content-sniffing attacks, character encoding confusion, potential XSS vulnerabilities through encoding manipulation, and inconsistent content rendering across different browsers.
