hard · component behavior · Q8 of 15
Django - Security Best Practices
You want to allow images from your own domain and 'https://images.example.com' but block all other sources in your Django CSP. Which header value correctly achieves this?
A. "img-src 'none'; default-src 'self' https://images.example.com"
B. "default-src 'self' https://images.example.com"
C. "img-src *; default-src 'self'"
D. "img-src 'self' https://images.example.com; default-src 'none'"
Step-by-Step Solution
  1. Understand the img-src and default-src directives

    img-src controls where images may load from; default-src is the fallback for resource types that have no directive of their own.
  2. Block all except the specified image sources

    Setting default-src 'none' blocks every resource type that falls back to it, so only what img-src allows can load.
  3. Verify correct syntax

    "img-src 'self' https://images.example.com; default-src 'none'" allows images only from these sources and blocks others.
  4. Final Answer:

    "img-src 'self' https://images.example.com; default-src 'none'" -> Option D
  5. Quick Check:

    Allow images only from specified sources = "img-src 'self' https://images.example.com; default-src 'none'"
Quick Trick: Use default-src 'none' to block all except allowed img-src
Common Mistakes:
  • Using wildcard * which allows all sources
  • Setting img-src 'none' which blocks images
  • Not blocking other resource types properly
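
The fallback rule from the solution, checked against all four options (an added example, not part of the original quiz). The matcher is a simplification that only understands 'none', 'self', * and exact origins; SELF_ORIGIN, the sample URLs and the helper names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SELF_ORIGIN = "https://mysite.example"  # assumed origin of the Django site

OPTIONS = {
    "A": "img-src 'none'; default-src 'self' https://images.example.com",
    "B": "default-src 'self' https://images.example.com",
    "C": "img-src *; default-src 'self'",
    "D": "img-src 'self' https://images.example.com; default-src 'none'",
}

def parse_csp(header):
    """Split a policy into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def origin_of(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"

def allowed(header, directive, url):
    """True if url may load under directive, falling back to default-src."""
    policy = parse_csp(header)
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:  # neither directive present: nothing is restricted
        return True
    origin = origin_of(url)
    for src in sources:
        if src == "'none'":
            continue
        if src == "*" or (src == "'self'" and origin == SELF_ORIGIN) or src == origin:
            return True
    return False

def meets_goal(header):
    """Images load from the two intended origins; everything else is blocked."""
    return (allowed(header, "img-src", SELF_ORIGIN + "/static/logo.png")
            and allowed(header, "img-src", "https://images.example.com/a.png")
            and not allowed(header, "img-src", "https://other.example/x.png")
            and not allowed(header, "script-src", SELF_ORIGIN + "/static/app.js")
            and not allowed(header, "script-src", "https://images.example.com/x.js"))

if __name__ == "__main__":
    for name, header in OPTIONS.items():
        print(name, "meets goal" if meets_goal(header) else "does not", "-", header)
```

Option B is the instructive failure: images load from both intended origins, but because default-src is the fallback for every resource type, scripts from those origins load as well.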