diff --git a/internal/api/errorcodes.go b/internal/api/errorcodes.go
index f6a890566..d9a982224 100644
--- a/internal/api/errorcodes.go
+++ b/internal/api/errorcodes.go
@@ -76,6 +76,7 @@ const (
 ErrorCodeHookTimeout ErrorCode = "hook_timeout"
 ErrorCodeHookTimeoutAfterRetry ErrorCode = "hook_timeout_after_retry"
 ErrorCodeHookPayloadOverSizeLimit ErrorCode = "hook_payload_over_size_limit"
+ ErrorCodeHookPayloadInvalidContentType ErrorCode = "hook_payload_invalid_content_type"
 ErrorCodeRequestTimeout ErrorCode = "request_timeout"
 ErrorCodeMFAPhoneEnrollDisabled ErrorCode = "mfa_phone_enroll_not_enabled"
 ErrorCodeMFAPhoneVerifyDisabled ErrorCode = "mfa_phone_verify_not_enabled"
diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 7b89dc561..3a5512d40 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
@@ -137,18 +137,21 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 }
 defer rsp.Body.Close()
- // Header.Get is case insensitive
- contentType := rsp.Header.Get("Content-Type")
- mediaType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- return nil, internalServerError("Invalid Content-Type header")
- }
- if mediaType != "application/json" {
- return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
- }
 switch rsp.StatusCode {
 case http.StatusOK, http.StatusNoContent, http.StatusAccepted:
+ // Header.Get is case insensitive
+ contentType := rsp.Header.Get("Content-Type")
+ if contentType == "" {
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, "Invalid Content-Type: Missing Content-Type header")
+ }
+ mediaType, _, err := mime.ParseMediaType(contentType)
+ if err != nil {
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
+ }
+ if mediaType != "application/json" {
+ return nil, badRequestError(ErrorCodeHookPayloadInvalidContentType, "Invalid JSON response. Received content-type: "+contentType)
+ }
 if rsp.Body == nil {
 return nil, nil
 }
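Review bot: The Content-Type validation now sits under `case http.StatusOK, http.StatusNoContent, http.StatusAccepted:`, so a hook that answers 204 with no body and no Content-Type header is rejected by the new `contentType == ""` branch even though 204 is listed as an accepted status. Consider returning before the header checks for that status, e.g. `if rsp.StatusCode == http.StatusNoContent { return nil, nil }`, or validating the media type only when a body is present; the body handling continues outside the hunk, so confirm what it expects for 204. Separately, the mismatch message concatenates the raw header value sent by the hook endpoint into an error that presumably reaches the API caller and the logs. Formatting the parsed value instead, `fmt.Sprintf("Invalid JSON response. Received content-type: %q", mediaType)`, keeps parameters and control characters from a remotely supplied header out of that text.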