Information Info Vega has detected that the resource has not specified a character set in the response. If the character set is not specified, the browser may make assumptions about the character set based on resource content. This may present a security concern if the affected resource contains dynamically-generated content that originates from users. In such a case, malicious users may potentially take advantage of how specific browsers interpret characters to cause malicious content to be rendered. For example, an attacker may be able to bypass a cross-site scripting filter by encoding their malicious payload in an alternate character set, which may be executed depending on how the browser interprets the encoded content. Specify a well-defined character set (such as UTF-8) within the response header content-type or the response body. OWASP Top Ten Cheat Sheet