Why is the absence of a Content-Type header with an HTTP 204 response considered a security vulnerability and what should we do about it?

We have recently developed a web application with a RESTful API backend. This web app needs to have a certain security certification (something called PCI-DSS), and thus it is being scanned occasionally to identify potential vulnerabilities…