Test your understanding
Which step confirms the presence of the Content-Security-Policy header?
AStep 4: Verify 'Content-Security-Policy' header contains 'default-src 'self''
BStep 5: Check if 'X-Content-Type-Options' header is present
CStep 3: Check if 'Content-Security-Policy' header is present
DStep 6: Verify 'X-Content-Type-Options' header equals 'nosniff'