Which HTTP header is commonly used to prevent Cross-Site Scripting (XSS) attacks in APIs?
- Access-Control-Allow-Origin (CORS)
- Content-Security-Policy (CSP)
- User-Agent
- X-Frame-Options
The HTTP header commonly used to prevent Cross-Site Scripting (XSS) attacks in APIs is Content-Security-Policy (CSP). With CSP you define a policy that restricts the sources from which resources can be loaded and executed, which helps prevent malicious scripts from running in the context of your API.