Two important headers that can mitigate XSS are:| markitzeroday.com
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.| Virtue Security
Last year, I built a small tool to detect inline styles and scripts in a given webpage/document and then calculate their hashes. It can be useful for someone trying to write a strict “Content-Security-Policy” (CSP) for pre-built websites. I described the reasoning at the time in this blog post.| Gonçalo Valério