In the context of CSP, what does the 'nonce' attribute help with?
- Controlling content caching
- Enforcing secure data transmission
- Handling session management
- Preventing Cross-Site Scripting (XSS) attacks
In the context of Content Security Policy (CSP), the 'nonce' attribute is used to prevent Cross-Site Scripting (XSS) attacks. It allows a server to generate a unique cryptographic nonce for each page load. The nonce is included in the CSP header, and the browser only executes scripts with a matching nonce, effectively blocking any unauthorized scripts from running on the page.
Loading...
Related Quiz
- In TLS, what cryptographic process is used to establish a shared secret between the client and server without ever transmitting the secret itself?
- A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:
- An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider?
- What is the primary purpose of a software patch?
- John, a network administrator, notices a sudden spike in outbound traffic from a single workstation in the organization. Upon further investigation, he discovers that the workstation is contacting multiple external IP addresses. This could be indicative of which type of threat?