How to prevent Cross-site Scripting (XSS)
To protect a web application from XSS attacks:
The most effective mitigation against XSS attacks is to deploy a Content Security Policy (CSP). CSP is a browser-side mechanism that lets you define a whitelist of the client-side resources your web application may load (JavaScript, CSS, images, etc.). The policy is delivered in a dedicated HTTP response header that instructs the browser to execute or render only resources that appear on that whitelist. Here is an example of a CSP header:
Content-Security-Policy: default-src 'self'; script-src 'self' www.google-analytics.com
This CSP header instructs the browser to load every kind of resource only from the page's own origin, and additionally to load JavaScript source files from www.google-analytics.com. Note that a directive name such as default-src is followed by a space, not a colon; a browser silently ignores any directive it does not recognise, so a mistyped directive name enforces nothing.
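To make the whitelist behaviour concrete, here is an added example (not Templarbit's code) of a small CSP source-list evaluator: it parses a header, applies the browser's fallback from script-src to default-src, and decides whether a resource URL is allowed. The page origin and resource URLs are constructed sample values, and host matching is deliberately simplified (scheme, host and *.host wildcards only).

```javascript
// Added example (not Templarbit's code): a minimal evaluator for CSP
// source-list directives. It parses a header, applies the browser's
// script-src -> default-src fallback and decides whether a resource URL is
// allowed. Ports, paths, nonces and hashes are not modelled.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A name like "default-src:" is unknown; browsers ignore unknown directives.
    if (!/^[a-z-]+$/.test(name)) continue;
    if (!(name in policy)) policy[name] = tokens.slice(1); // first occurrence wins
  }
  return policy;
}

function sourceMatches(expr, pageOrigin, url) {
  const page = new URL(pageOrigin);
  const target = new URL(url);
  if (expr === "'self'") return target.origin === page.origin;
  if (expr === '*') return target.protocol === 'http:' || target.protocol === 'https:';
  if (expr.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes: no URL match
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  // A scheme-less host inherits the page's scheme (https is also accepted on an http page).
  const schemeOk = scheme
    ? target.protocol === scheme.toLowerCase() + ':'
    : target.protocol === page.protocol || (page.protocol === 'http:' && target.protocol === 'https:');
  if (!schemeOk) return false;
  const h = host.toLowerCase();
  return wildcard ? target.hostname.endsWith('.' + h) : target.hostname === h;
}

// Fetch directives (script-src, img-src, style-src, ...) fall back to
// default-src when unset; with neither present the resource is unrestricted.
function resourceAllowed(policy, directive, pageOrigin, url) {
  const list = directive in policy ? policy[directive] : policy['default-src'];
  if (list === undefined) return true;
  return list.some((expr) => sourceMatches(expr, pageOrigin, url));
}

// The page's policy in valid syntax, plus a constructed variant with the colon typo; PAGE and URLs are constructed.
const GOOD_CSP = "default-src 'self'; script-src 'self' www.google-analytics.com";
const BAD_CSP = "default-src: 'self'; script-src: 'self' www.google-analytics.com";
const PAGE = 'https://app.example';
console.log(resourceAllowed(parseCsp(GOOD_CSP), 'script-src', PAGE, 'https://www.google-analytics.com/analytics.js')); // true
console.log(resourceAllowed(parseCsp(GOOD_CSP), 'img-src', PAGE, 'https://www.google-analytics.com/collect.gif')); // false
console.log(resourceAllowed(parseCsp(BAD_CSP), 'script-src', PAGE, 'https://third-party.example/x.js')); // true: nothing enforced
```

The last line shows why the header syntax matters: with colons after the directive names the parsed policy is empty and no resource is restricted at all.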
Managing a Content Security Policy can be a lot of manual work!
One of the pain points when deploying a CSP header is that you have to maintain the whitelist. Your engineering team has to keep the Content Security Policy in mind every time they add or remove a third-party dependency from the application.
How Templarbit can help:
We provide you with the fastest way to deploy and manage a Content Security Policy for your web application. Updating your Content Security Policy becomes a frictionless experience that happens in real time, without pushing any code changes. Powering this behind the scenes is a combination of our proprietary data and machine learning models, which allow Templarbit to decide on policy changes automatically without relying on human input.