406 response is missing on one or more operations in your API that should have it defined. All operations that do not have
204 response defined and that have the
produces property constraining the response MIME type should have
406 response defined.
For more details, see RFC 7231.
Possible exploit scenario
Attackers strive to make your APIs behave in an unexpected way to learn more about your system or to cause a data breach. We highly recommend that you minimize any risks and clearly specify the data that your API operations can return for each possible response code.
406 responses for all operations that do not have
204 responses but that have the produced MIME type restricted.