Detectify
Knowledge Base

Missing Content Type

Last Updated: Apr 22, 2017 12:12AM CEST

The file is served without a Content-Type header, and some browsers treat such files as HTML. Because the data is treated as HTML, this could lead to XSS depending on the circumstances.

What can happen?

Internet Explorer will parse files without a Content-Type header as HTML. This does not necessarily have security implications, but if the file's content is controlled by a user, it will lead to an XSS vulnerability.

See our article about XSS for more details about the risk.

Remediation

Make sure that every file type is intentionally served with a Content-Type header. Unfortunately, it is hard to give any general advice on this, as the process varies depending on how the page is generated.
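
One way to find responses that leave an application without a Content-Type header is a small WSGI middleware. This is an added example, not Detectify's code: the class name `ContentTypeGuard`, the fallback type, the sample app and the `/uploads/note` path are all assumptions made for illustration.

```python
import logging

log = logging.getLogger("content_type_guard")

# Assumption: a deliberately non-HTML placeholder type. The real fix is to set
# the correct type where the response is generated.
FALLBACK_TYPE = "application/octet-stream"
BODILESS = ("204", "304")  # statuses that carry no body


class ContentTypeGuard:
    """WSGI middleware (hypothetical name): no body leaves without a type."""

    def __init__(self, app, fallback=FALLBACK_TYPE):
        self.app = app
        self.fallback = fallback
        self.missing = []  # paths served without a Content-Type, to fix later

    def __call__(self, environ, start_response):
        def guarded_start(status, headers, exc_info=None):
            has_type = any(n.lower() == "content-type" and v.strip() for n, v in headers)
            bodiless = status[:3] in BODILESS or status.startswith("1")
            if not has_type and not bodiless:
                path = environ.get("PATH_INFO", "")
                self.missing.append(path)
                log.warning("no Content-Type on %r, using %s", path, self.fallback)
                # Drop an empty Content-Type entry if present, then add the fallback.
                headers = [(n, v) for n, v in headers if n.lower() != "content-type"]
                headers.append(("Content-Type", self.fallback))
            return start_response(status, headers, exc_info)

        return self.app(environ, guarded_start)


def untyped_app(environ, start_response):
    """Constructed sample app: user-influenced bytes, no Content-Type header."""
    start_response("200 OK", [("Content-Length", "25")])
    return [b"<b>user supplied text</b>"]


def run(app, path="/uploads/note"):
    """Call a WSGI app once; return (status, headers as dict, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return seen["status"], seen["headers"], body
```

The paths collected in `missing` are the handlers that still need an intentional type; the fallback only keeps the response from going out untyped in the meantime.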
