Protocol: Content-Type header
Identifier: header_content_type
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
When a response is sent without a correct Content-Type header, the browser falls back to MIME sniffing and guesses the type from the body. If user-controlled data is served that way, an attacker can get the browser to treat it as HTML or script instead of inert text, which leads to cross-site scripting and other content-injection vulnerabilities. A text type served without a charset parameter has the same effect for the character encoding. Sending a correct Content-Type together with X-Content-Type-Options: nosniff disables this sniffing in modern browsers.
How we test: We inspect HTTP response headers to detect whether the Content-Type header is missing, malformed, or inconsistent with the body it describes, and whether a browser could therefore misinterpret the content type. Responses whose content is correctly classified are not flagged; the rest are reported as content-type confusion findings.
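The checks described above, as an added example that is not part of the scanner or of this page: a small Python audit over constructed sample responses. It flags a missing or malformed Content-Type, a body that looks like HTML while being declared as something inert, a missing nosniff header in that situation, and a text type without a charset. The header names, finding strings and the regex used to stand in for browser sniffing are assumptions made for illustration; real browser sniffing is more involved.

```python
"""Illustrative Content-Type audit. Example code written for this page,
not the scanner's own implementation."""
import re

# Declared types that a browser may render as markup or run as script.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}

# Crude stand-in for browser MIME sniffing (assumption: a leading tag is enough).
HTML_MARKERS = re.compile(rb"<\s*(!doctype|html|script|body|head)\b", re.I)


def parse_content_type(value):
    """Split 'text/html; charset=utf-8' into ('text/html', {'charset': 'utf-8'})."""
    if value is None:
        return None, {}
    parts = [p.strip() for p in value.split(";")]
    mime = parts[0].lower()
    params = {}
    for p in parts[1:]:
        if "=" in p:
            k, v = p.split("=", 1)
            params[k.strip().lower()] = v.strip().strip('"').lower()
    return mime, params


def sniff_html(body):
    """Does the first KiB of the body look like HTML?"""
    return bool(HTML_MARKERS.search(body[:1024]))


def audit_response(headers, body):
    """Return a list of finding strings for one response.

    headers: dict of header name -> value (matched case-insensitively here)
    body:    response body as bytes
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    mime, params = parse_content_type(h.get("content-type"))
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"

    if mime is None:
        findings.append("missing Content-Type header")
        if sniff_html(body):
            findings.append("body looks like HTML; browser will sniff and render it")
        return findings

    if "/" not in mime:
        findings.append(f"malformed Content-Type: {mime!r}")
        return findings

    # Declared as inert but looks like markup: the classic sniffing-to-XSS path.
    if mime not in ACTIVE_TYPES and sniff_html(body):
        findings.append(f"body looks like HTML but is declared {mime}")
        if not nosniff:
            findings.append("no X-Content-Type-Options: nosniff, so sniffing applies")

    # Text types without an explicit charset leave the encoding to the browser.
    if mime.startswith("text/") and "charset" not in params:
        findings.append(f"{mime} served without a charset parameter")

    return findings


# Constructed sample responses (headers, body); not captured from any real host.
SAMPLE_RESPONSES = {
    "ok": ({"Content-Type": "text/html; charset=utf-8",
            "X-Content-Type-Options": "nosniff"}, b"<!doctype html><p>hi</p>"),
    "missing": ({}, b"<html><script>alert(1)</script></html>"),
    "mismatch": ({"Content-Type": "text/plain"}, b"<script>alert(1)</script>"),
    "no_charset": ({"Content-Type": "text/html"}, b"<html>x</html>"),
}


def audit_all(responses=SAMPLE_RESPONSES):
    """Run the audit over every sample and map name -> findings."""
    return {name: audit_response(hdrs, body) for name, (hdrs, body) in responses.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "clean")
```

Only the `ok` sample comes back clean; `mismatch` produces three findings because the declared type, the missing nosniff header and the missing charset each matter independently when deciding how a browser will treat the body.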
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.