Content-Type Header Missing

ID

content_type_header_missing

Severity

info

Kind

Security Misconfiguration

CWE

345

Description

This detector identifies HTTP responses that lack a Content-Type header or contain an empty Content-Type value. The Content-Type header informs browsers about the MIME type of the response content, which is critical for proper rendering and security processing. Missing or empty Content-Type headers force browsers to guess the content type through content sniffing.

Rationale

Missing Content-Type headers enable MIME confusion attacks where browsers incorrectly interpret response content based on file signatures rather than declared types. Attackers can upload files containing HTML or script content disguised as images or documents, which browsers may then execute as code when the Content-Type is absent. This content sniffing behavior bypasses upload filters and can lead to cross-site scripting attacks, particularly when combined with user-controlled content or file upload functionality.

Remediation

Ensure every response sets a specific and appropriate Content-Type value for the content being delivered.
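As an added example (not this detector's own implementation), the following Python flags a raw HTTP/1.x response whose Content-Type header is absent or empty, matching header names case-insensitively and skipping bodiless 204/304 responses; it also includes a small remediation helper that always derives a specific type from the file extension and falls back to a generic binary type rather than omitting the header. The sample responses and helper names are constructed for illustration.

```python
import mimetypes
from typing import Dict, Optional, Tuple

DETECTOR_ID = "content_type_header_missing"

def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x response into (status, headers, body); header names
    are lower-cased (HTTP header names are case-insensitive), repeats joined."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers, body

def check_content_type(raw: bytes) -> Optional[dict]:
    """Return a finding when Content-Type is absent or empty, else None.
    204 and 304 carry no body by definition, so they are not reported."""
    status, headers, _ = parse_response(raw)
    if status in (204, 304):
        return None
    value = headers.get("content-type")
    if value is None:
        reason = "header missing"
    elif value == "":
        reason = "header present but empty"
    else:
        return None
    return {"id": DETECTOR_ID, "severity": "info", "cwe": 345,
            "status": status, "reason": reason}

def content_type_for(path: str, default: str = "application/octet-stream") -> str:
    """Remediation helper: always emit a specific type derived from the file
    extension; unknown extensions get a generic binary type, never no header."""
    guessed, _ = mimetypes.guess_type(path)
    if guessed is None:
        return default
    return f"{guessed}; charset=utf-8" if guessed.startswith("text/") else guessed

SAMPLES = {  # constructed sample responses, not captured from any real server
    "declared": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>ok</p>",
    "lowercase_name": b"HTTP/1.1 200 OK\r\ncontent-type: image/png\r\n\r\n\x89PNG",
    "missing": b"HTTP/1.1 200 OK\r\nContent-Length: 17\r\n\r\n<script></script>",
    "empty": b"HTTP/1.1 200 OK\r\nContent-Type: \r\n\r\n<script></script>",
    "no_content": b"HTTP/1.1 204 No Content\r\n\r\n",
}
```

Running `check_content_type` over each entry in `SAMPLES` reports only the "missing" and "empty" responses; the 204 and the correctly declared responses produce no finding.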