
Secure headers configuration in Flask - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of setting secure HTTP headers in a Flask application?
Secure HTTP headers help protect your web app from common attacks like cross-site scripting (XSS), clickjacking, and data sniffing by instructing browsers how to behave securely.
beginner
Name three common secure headers you can set in Flask.
Content-Security-Policy (CSP), X-Frame-Options, and Strict-Transport-Security (HSTS) are common secure headers to improve security.
intermediate
How can you add secure headers to all responses in a Flask app?
Use the @app.after_request decorator to modify the response object and add headers before sending it to the client.
intermediate
What does the 'Content-Security-Policy' header do?
It controls which resources (like scripts, images) the browser is allowed to load, helping prevent malicious code injection.
intermediate
Why is the 'Strict-Transport-Security' header important?
It forces browsers to use HTTPS only, preventing attackers from intercepting data over insecure HTTP connections.
Which Flask decorator is best to add secure headers to every response?
A. @app.after_request
B. @app.route
C. @app.before_request
D. @app.errorhandler
What does the 'X-Frame-Options' header protect against?
A. Cross-site scripting
B. Clickjacking
C. SQL injection
D. Data encryption
Which header tells browsers to only use HTTPS for your site?
A. Content-Security-Policy
B. X-Content-Type-Options
C. Strict-Transport-Security
D. Referrer-Policy
What is a simple way to add a Content-Security-Policy header in Flask?
A. Add it in the response headers using @app.after_request
B. Set it in the HTML meta tags
C. Use Flask's built-in CSP function
D. Modify the request headers
Which header helps prevent browsers from MIME-sniffing a response away from the declared content-type?
A. Strict-Transport-Security
B. X-Frame-Options
C. Content-Security-Policy
D. X-Content-Type-Options
Explain how to add secure headers to all responses in a Flask app and why it is important.
Think about how Flask lets you change the response before sending it.
Describe the role of Content-Security-Policy and Strict-Transport-Security headers in web security.
One controls what the browser loads, the other controls how it connects.