Which HTTP header is commonly used to prevent Cross-Site Scripting (XSS) attacks in APIs?

  • Access-Control-Allow-Origin (CORS)
  • Content-Security-Policy (CSP)
  • User-Agent
  • X-Frame-Options
To prevent Cross-Site Scripting (XSS) attacks in APIs, the commonly used HTTP header is Content-Security-Policy (CSP). CSP allows you to define a policy that restricts the sources from which resources can be loaded and executed, helping to prevent malicious scripts from being executed in the context of your API.