Bug
Resolution: Done
According to reports from HAWNG-939, for Hawtio Spring Boot, index.html is returned with `Content-Type: text/html` and no charset parameter, which defaults to `Content-Type: text/html; charset=ISO-8859-1`, while index.html itself declares:
<meta charset="utf-8" />
This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined in the body of the HTML or XML. When there is a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
[...]
There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [ISO-8859-1] and [utf-8] do not match.
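The check the report quotes, reimplemented as an added example (this is not the scanner's or Hawtio's own code): it compares the charset parameter of the `Content-Type` header against a `<meta charset>` / `http-equiv` declaration or an XML `encoding` declaration in the body. It assumes, as the report describes, that a `text/*` response without a charset parameter defaults to ISO-8859-1; the regexes and the sample response are constructed for this example.

```python
import re
from typing import Dict, Optional

# Default applied by the server when text/html carries no charset parameter
# (assumption: applied here to any text/* type, as the report describes for text/html).
DEFAULT_TEXT_CHARSET = "ISO-8859-1"

CT_CHARSET_RE = re.compile(r';\s*charset\s*=\s*"?([A-Za-z0-9._-]+)"?', re.I)
# Matches both <meta charset="utf-8"> and <meta http-equiv=... content="text/html; charset=...">
META_CHARSET_RE = re.compile(r'<meta\s+[^>]*?charset\s*=\s*["\']?\s*([A-Za-z0-9._-]+)', re.I)
XML_DECL_RE = re.compile(r'^\s*<\?xml\s[^>]*?encoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']', re.I)


def header_charset(content_type: str) -> Optional[str]:
    """Charset the HTTP header declares, or the text/* default when it is omitted."""
    m = CT_CHARSET_RE.search(content_type)
    if m:
        return m.group(1)
    mime = content_type.split(";")[0].strip().lower()
    return DEFAULT_TEXT_CHARSET if mime.startswith("text/") else None


def body_charset(body: str, content_type: str) -> Optional[str]:
    """Charset declared inside the body: XML declaration first for *xml types, then <meta>."""
    mime = content_type.split(";")[0].strip().lower()
    if mime.endswith("xml"):
        m = XML_DECL_RE.match(body)
        if m:
            return m.group(1)
    m = META_CHARSET_RE.search(body)
    return m.group(1) if m else None


def check_charset_mismatch(headers: Dict[str, str], body: str) -> Optional[str]:
    """Return the finding text when header and body disagree, None when they agree or nothing is declared."""
    content_type = headers.get("Content-Type", "")
    declared = header_charset(content_type)
    in_body = body_charset(body, content_type)
    if declared is None or in_body is None or declared.lower() == in_body.lower():
        return None
    return ("There was a charset mismatch between the HTTP Header and the META charset "
            f"encoding declaration: [{declared}] and [{in_body}] do not match.")


if __name__ == "__main__":
    # Constructed response mirroring the index.html case from the report.
    sample_headers = {"Content-Type": "text/html"}
    sample_body = '<!DOCTYPE html><html><head><meta charset="utf-8" /></head><body></body></html>'
    print(check_charset_mismatch(sample_headers, sample_body))
```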