XSS and XSRF Prevention

Stay organized with collections Save and categorize content based on your preferences.

To protect against cross-site scripting (XSS), requires the HTTP header X-Content-Type-Options: nosniff for all responses. Also include Content-Type: application/json; charset=utf-8 in the response header.

To protect against cross-site request forgery (XSRF), requires the HTTP header X-XSRF-Protected: 1 for all requests.