An intermediary could alter by chance or purpose a Content-Warning header. Implementors SHOULD validate the payload body to avoid that this results in:
processing an unexisting body
looking for warning attribute in a response with an unsuitable Content-Type
Not processing an actually present warning attribute in the payload.
I expect
more security considerations, eg.
An intermediary could alter by chance or purpose a
Content-Warningheader. Implementors SHOULD validate the payload body to avoid that this results in:warningattribute in a response with an unsuitable Content-Typewarningattribute in the payload.