Content Character Encoding is not Defined

Impact: Informational


When the character encoding is not explicitly defined in web content, browsers may resort to guessing or using a default encoding. This can lead to misinterpretation of characters and vulnerabilities such as Cross-Site Scripting (XSS), where attackers may exploit different encodings like UTF-7. It is crucial to specify the character encoding to ensure proper rendering and prevent security risks.


To mitigate this issue, ensure that the character encoding is explicitly defined in either the HTTP header or HTML meta tags. You can set the character encoding in the HTTP header using the Content-Type header field or within HTML meta tags as shown below:

  Content-Type: text/html; charset=UTF-8


  < META http-equiv="Content-Type" content = "text/html; charset=UTF-8" >


Last updated on May 13, 2024

Use SmartScanner Free version to test for this issue