Content-Type
October 1, 2020
Leaking the Content-Type of a request would provide attackers with a new way of distinguishing two requests from each other.
typeMustMatch
typeMustMatch is a Boolean that reflects the typeMustMatch attribute of the object element. It enforces a specific MIME type when loading an object by verifying that the Content-Type of the resource is the same as the one provided in the object. Unfortunately, this enforcement also allowed attackers to leak the Content-Type and status codes returned by a website [1].