Advanced
Web & Software Development
Q82 / 100
What is a content security policy (CSP) and how does it prevent XSS?
Correct Answer: B) An HTTP response header instructing browsers which content sources are trusted, blocking inline scripts and unauthorized origins that could execute XSS payloads
Explanation
Example header: Content-Security-Policy: default-src 'self'; script-src cdn.example.com. Here default-src 'self' restricts every resource type to the page's own origin, and the more specific script-src directive overrides it for scripts, so scripts load only from cdn.example.com. With such a policy in place the browser refuses to run inline scripts and eval() unless the policy explicitly permits them with 'unsafe-inline' or 'unsafe-eval', which weakens the protection and should be avoided. Nonces or hashes let the developer approve specific inline scripts without opening the door to all of them. Because injected script must still come from an allowed source to execute, CSP makes XSS exploitation much harder even when an attacker manages to inject markup into the page.