Security bank CSP & Security Headers Security / 5 questions Your progress 0 / 5 done Saved in this browser. Reset All 5 Medium 2 Hard 3 Hide done No questions match those filters. 1 What is a Content Security Policy, and what class of attacks does it mitigate? Medium 2 What does `script-src 'self'` do, and why are `'unsafe-inline'` and `'unsafe-eval'` dangerous? Hard 3 What do `Strict-Transport-Security`, `X-Content-Type-Options`, and `Referrer-Policy` do? Medium 4 How do nonces and hashes let you use inline scripts safely under CSP? Hard 5 How would you roll out a strict CSP to a legacy app without breaking it? Hard ← Previous CSRF & Request Forgery Next → Auth, Tokens & Storage