Hi,
As part of our product security scanning, related to XSS Cross-site scripting (reflected) vulnerability, we were told that the application should not be returning “text/html”.
In the page source, we found the following line:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Based on the suggestion to implement the change as mentioned in the article https://community.oracle.com/thread/441269, we tried but it does not work as expected.
Please let us know how we can overwrite the above content type in our application.