Security: Bad Content Type

back to issues overview

Bad Content Type

This indicates any URLs where the actual content type does not match the content type set in the header.

It also identifies any invalid MIME types used.

When the X-Content-Type-Options: nosniff response header is set by the server this is particularly important, as browsers rely on the content type header to correctly process the page.

This can cause HTML web pages to be downloaded instead of being rendered when they are served with a MIME type other than text/html for example.

How to Analyse in the SEO Spider

Use the ‘Security’ tab and ‘Bad Content Type’ filter to view these URLs and export all URLs using the ‘Export’ button.

What Triggers This Issue

This issue is triggered when a URL contains content that does not match the content type set in the header. It can also be triggered by invalid MIME types. For example:

If the following URL:

Responded with the following MIME type:


As the filename is .jpg, the SEO Spider will flag this as an issue.

It will also identify obsolete MIME types, such as JavaScript with:


Which should use:


How To Fix

Analyse URLs identified with a bad content type, and set an accurate MIME type in the content-type header.

Further Reading

Back to top