Content Character Encoding is not Defined

Impact: Informational


Web browsers need to know the character encoding of a page to display it correctly. When the character encoding is not explicitly defined, the browser has to either guess the encoding or fall back to a default encoding. This allows attackers to use different encodings, such as UTF-7, to exploit vulnerabilities like XSS.


Send the character encoding in the HTTP Content-Type header, as shown below:

Content-Type: text/html; charset=UTF-8

or declare it with an HTML meta tag, as shown below:

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
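
One way to check a response for this issue, as an added example that is not part of the original page or of SmartScanner: it looks for a charset in the Content-Type header first, then for a meta declaration within the first 1024 bytes of the body, which is the window browsers prescan. The function names and sample responses are constructed for illustration.

```python
import re
from email.message import Message

# Browsers only prescan the first 1024 bytes of a document for a <meta> charset.
PRESCAN_BYTES = 1024
META_CHARSET = re.compile(
    rb"""<meta\s[^>]*?charset\s*=\s*["']?\s*([\w.:-]+)""", re.IGNORECASE)


def header_charset(content_type):
    """Return the lower-cased charset parameter of a Content-Type value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_content_charset()


def declared_charset(headers, body):
    """Return (source, charset); (None, None) means the browser must guess."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    charset = header_charset(ctype)
    if charset:
        return ("header", charset)
    match = META_CHARSET.search(body[:PRESCAN_BYTES])
    if match:
        return ("meta", match.group(1).decode("ascii").lower())
    return (None, None)


# Constructed sample responses (not captured from a real site).
META = b'<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">'
SAMPLES = {
    "header": ({"Content-Type": "text/html; charset=UTF-8"}, b"<html></html>"),
    "meta": ({"content-type": "text/html"}, b"<html><head>" + META + b"</head></html>"),
    "undefined": ({"Content-Type": "text/html"}, b"<html><body>hi</body></html>"),
    "late meta": ({"Content-Type": "text/html"}, b"<!--" + b"x" * 1100 + b"-->" + META),
}

if __name__ == "__main__":
    for name, (headers, body) in SAMPLES.items():
        source, charset = declared_charset(headers, body)
        status = f"{charset} via {source}" if source else "NOT DEFINED"
        print(f"{name:10} {status}")
```

The "late meta" sample is reported as not defined because its declaration sits past the prescan window, so a meta tag should be placed at the very start of the head element.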


Last updated on February 15, 2021
