[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set in API requests

[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set in API requests #18305