CISSP · Question #1223
What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?
The correct answer is D. Content-Security-Policy. The Content-Security-Policy (CSP) HTTP response header allows web server administrators to control the sources and types of content that can be loaded and executed by web browsers. By specifying a CSP policy, the web server can prevent the execution of inline JavaScript and the e
Question
Options
- AStrict-Transport-Security
- BX-XSS-Protection
- CX-Frame-Options
- DContent-Security-Policy
How the community answered
(40 responses)- A3% (1)
- B8% (3)
- C3% (1)
- D88% (35)
Explanation
The Content-Security-Policy (CSP) HTTP response header allows web server administrators to control the sources and types of content that can be loaded and executed by web browsers. By specifying a CSP policy, the web server can prevent the execution of inline JavaScript and the execution of eval()- type functions, which are often used by attackers to inject malicious code into web pages. This can help mitigate cross-site scripting (XSS) attacks, which are a common web application security threat.
Topics
Community Discussion
No community discussion yet for this question.