In the context of CSP, what does the 'nonce' attribute help with?

  • Controlling content caching
  • Enforcing secure data transmission
  • Handling session management
  • Preventing Cross-Site Scripting (XSS) attacks

In the context of Content Security Policy (CSP), the 'nonce' attribute is used to prevent Cross-Site Scripting (XSS) attacks. The server generates a unique cryptographic nonce for each page load and includes it in the CSP header. The browser then executes only scripts whose nonce attribute matches that value, effectively blocking any unauthorized scripts from running on the page.