ASVS Requirement 4.1.1
- Level: 1
- Chapter: V4 API and Web Service
- Section: V4.1 Generic Web Service Security
- Source: 0x13-V4-API-and-Web-Service.md
Description
Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/*", "*/*+xml" and "*/xml".
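One way to test a captured response against this requirement, as an added example that is not part of the ASVS text: it flags a body sent without a usable Content-Type, a missing charset on the media type families named above, and a body that does not decode under the declared charset. The function names and sample responses are constructed for illustration, and Python's codec registry stands in for the IANA charset list; content sniffing beyond the charset check is out of scope.

```python
import re
from email.message import Message

TOKEN = r"[A-Za-z0-9!#$&^_.+-]+"  # characters allowed in a media type token

def needs_charset(media_type):
    """True for the families the requirement names: text/*, */*+xml, */xml."""
    main, _, sub = media_type.partition("/")
    return main == "text" or sub == "xml" or sub.endswith("+xml")

def check_content_type(headers, body):
    """Return a list of findings; an empty list means the response passes."""
    if not body:
        return []  # the requirement only covers responses with a message body
    raw = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    media_type = raw.split(";", 1)[0].strip().lower()
    if not re.fullmatch(f"{TOKEN}/{TOKEN}", media_type):
        return ["missing or malformed Content-Type"]
    msg = Message()
    msg["Content-Type"] = raw
    charset = msg.get_content_charset()  # lowercased, quotes removed, or None
    if charset is None:
        if needs_charset(media_type):
            return [f"{media_type} without charset parameter"]
        return []
    try:
        body.decode(charset)  # the declared charset must describe the real bytes
    except LookupError:
        return [f"unknown charset {charset!r}"]
    except UnicodeDecodeError:
        return [f"body is not valid {charset}"]
    return []

# Constructed sample responses (header dict, body bytes), not real traffic.
SAMPLES = [
    ({"Content-Type": "text/html; charset=UTF-8"}, b"<p>ok</p>"),
    ({"Content-Type": "text/html"}, b"<p>ok</p>"),
    ({"content-type": "application/soap+xml"}, b"<a/>"),
    ({"Content-Type": "text/plain; charset=utf-8"}, b"\xe9t\xe9"),
    ({}, b"data"),
]

if __name__ == "__main__":
    for headers, body in SAMPLES:
        print(headers, "->", check_content_type(headers, body) or "pass")
```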