






D385: FINAL EXAM CORRECTED - NO CODING |GRADED A+!!
Typology: Exams







Output from requests.get("https://randomuser.me/api/") - correct answers; - <Response [200]>
Status Code: 201 - correct answers; - Created
HTTP Header: Content-Type - correct answers; - What type of content the SERVER responds with (GET, POST, etc)
Set-Cookie Directive: Secure - correct answers; - Resists MITM attacks
Content-Security-Policy - correct answers; - Primary goal is to protect against XSS
Same-origin-policy - correct answers; - ensures that resources are accessible to documents with the same origin
What setting permits browsers to include credentials? - correct answers; - Access-Control-Allow-Credentials header
What standard restricts what a browser can do with a response? - correct answers; - CSP (Content Security Policy)
What is a "source"? - correct answers; - an acceptable location for the browser to retrieve content from
CSP example restricting JavaScript and requiring HTTPS - correct answers; - Content-Security-Policy: script-src 'none' https:
What is highly recommended when using CSP default-src? - correct answers; - use 'self' source instead of 'none'