Intermediate
Cybersecurity & Cryptography
Q72 / 100
What is the purpose of a Content Security Policy (CSP) header?
The correct answer is B) An HTTP response header instructing the browser which sources of scripts, styles, and other resources are allowed to load, mitigating XSS and data injection attacks
Explanation
CSP lets servers declare an allowlist (e.g., script-src 'self' https://trusted.cdn.com). Browsers block any resource not matching the policy, significantly reducing the impact of injected scripts even if an XSS flaw exists.