Quiz

  • In a Content Security Policy (CSP) configuration, which directive defines where scripts can be loaded from?

    ✅ script-src


  • When configuring the Strict-Transport-Security (HSTS) header to ensure that all subdomains of a site also use HTTPS, which directive should be included to apply the security policy to both the main domain and its subdomains?

    ✅ includeSubDomains


  • Which HTTP header directive is used to prevent browsers from interpreting files as a different MIME type than what is specified by the server, thereby mitigating content type sniffing attacks?

    ✅ nosniff