XSS (Cross Site Scripting)
- e.g., an input field allowing JS code like
How to prevent?
HTTP Security Headers
- Content Security Policy (CSP) is used to prevent cross-site scripting by specifying which resources are allowed to load
- it is enabled by setting the Content-Security-Policy HTTP response header.
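
An added example (not part of the original notes): a minimal Python WSGI app that sets the Content-Security-Policy header with a fresh nonce on every response, so only the page's own inline script is allowed to run. The names build_csp, app and fetch, the ?q= parameter and the chosen directives are assumptions made for illustration.

```python
import html
import secrets
from urllib.parse import parse_qs

def build_csp(nonce):
    # Each directive names a resource type and the sources allowed to load it.
    directives = [
        ("default-src", "'self'"),           # anything not listed: same origin only
        ("script-src", f"'nonce-{nonce}'"),  # only <script> tags carrying this nonce run
        ("object-src", "'none'"),            # no plugin content
        ("base-uri", "'none'"),              # no <base> tag rewriting relative URLs
    ]
    return "; ".join(f"{name} {value}" for name, value in directives)

def app(environ, start_response):
    """WSGI app (hypothetical): echoes ?q= and sends a per-response CSP."""
    nonce = secrets.token_urlsafe(16)  # unguessable, never reused across responses
    q = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    body = (
        "<!doctype html><title>search</title>"
        # Output encoding stays the first defence; CSP is the second layer.
        f"<p>You searched for: {html.escape(q)}</p>"
        f'<script nonce="{nonce}">console.log("trusted inline script")</script>'
    ).encode("utf-8")
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", build_csp(nonce)),
        ("Content-Length", str(len(body))),
    ])
    return [body]

def fetch(query_string):
    """Call the app in-process (no socket); return (headers dict, body text)."""
    captured = {}
    def start_response(status, headers):
        captured.update(headers)
    chunks = app({"QUERY_STRING": query_string, "REQUEST_METHOD": "GET"}, start_response)
    return captured, b"".join(chunks).decode("utf-8")

if __name__ == "__main__":
    # Constructed sample input: a script tag submitted through the q parameter.
    headers, body = fetch("q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
    print(headers["Content-Security-Policy"])
    print(body)
```

Because the policy contains no 'unsafe-inline', a script tag that reached the page without the current nonce would be refused by the browser even if escaping were missed somewhere.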
- Mozilla Observatory
- Mozilla Laboratory (browser extension)