While testing a single-page web application, you intercept a GET request that returns:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 48
{"msg":"Hello, <script>alert(1)</script>"}
The server never sets the X-Content-Type-Options response header. Modern browsers therefore fall back on MIME sniffing when the response begins with an HTML DOCTYPE that you can inject. What client-side attack does this misconfiguration allow you to perform against other users most directly?
Force the site to render inside a hidden iframe to steal clicks (clickjacking).
Trigger reflected cross-site scripting and run arbitrary JavaScript in the victim's browser.
Execute SQL statements directly on the back-end database from the client.
Bypass anti-CSRF tokens and submit forged POST requests silently.
Because the server omits the header X-Content-Type-Options: nosniff, browsers are free to ignore the declared MIME type and guess the content. If an attacker injects a prefix such as <!DOCTYPE html> before the JSON body, many browsers will treat the response as ordinary HTML instead of JSON. The unescaped script tag inside the body will then execute in the victim's context, giving the attacker a classic reflected cross-site scripting (XSS) vector. The issue does not, by itself, enable SQL injection, clickjacking, or CSRF; those attacks rely on entirely different weaknesses (server-side query handling, UI framing, and missing request authenticity tokens, respectively).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is MIME sniffing in web browsers?
Open an interactive chat with Bash
What is reflected cross-site scripting (XSS)?
Open an interactive chat with Bash
How does the X-Content-Type-Options header prevent attacks?
Open an interactive chat with Bash
What is MIME sniffing, and why is it relevant here?
Open an interactive chat with Bash
Can XSS vulnerabilities occur in applications besides JSON responses?
Open an interactive chat with Bash
What is the X-Content-Type-Options header used for?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .