Status Code

Error Events

October 1, 2020
Abuse: Error Events, Status Code, nosniff, Content-Type
Category: Attack
Defenses: Fetch Metadata, SameSite Cookies

When a webpage issues a request to a server (e.g. fetch, HTML tags), the server receives and processes this request. When received, the server decides whether the request should succeed (e.g. 200) or fail (e.g. 404) based on the provided context. When a response has an error status, an error event is fired by the browser for the page to handle. These errors also cover situations where the parser fails, for example when trying to embed HTML content as an image. ...

Content-Type

October 1, 2020
Abuse: typeMustMatch, iframes, Content-Type, Status Code
Category: Historical
Defenses: Deprecation

Leaking the Content-Type of a request could offer an attacker a new way to distinguish two requests from each other.

typeMustMatch

typeMustMatch is a boolean that reflects the typeMustMatch attribute of the object element. It ensures that a certain MIME type is enforced when loading an object, by verifying that the Content-Type of the resource is the same as the one provided in the object. Unfortunately, this enforcement would allow attackers to leak the Content-Type and Status Codes returned by a website [1] ...