RFC 6265 Quiz

HTTP State Management Mechanism



Goal: apply Secure, HttpOnly and SameSite correctly, and avoid common mistakes.

Q1: Which response header is used to set a cookie in a browser?

Multiple Choice
**Explanation:**
**Correct (B):** Servers send Set-Cookie; clients send Cookie.
**Options:**
- A (incorrect): Cookie is the request header
- B (correct): Set-Cookie creates or updates a cookie
- C (incorrect): Not a standard header

Q2: Which are common cookie attributes (select all that apply)?

Multi-Select
**Explanation:**
**Correct (A, B, C, D):** These attributes control transport (Secure), script access (HttpOnly), cross-site behaviour (SameSite), and lifetime (Expires or Max-Age).
**Options:**
- E (incorrect): Cache-Control is a separate HTTP caching header, not a cookie attribute

Q3: What does HttpOnly primarily do?

Multiple Choice
**Explanation:**
**Correct (A):** HttpOnly hides the cookie from script (document.cookie), which reduces cookie theft via XSS; it does not fix the XSS itself, and injected script can still make requests that carry the cookie from the victim's browser.
**Options:**
- B (incorrect): Encryption is not implied
- C (incorrect): Cross-site behaviour is controlled by SameSite

Q4: What does Secure mean for a cookie?

Multiple Choice
**Explanation:**
**Correct (C):** The browser only sends the cookie over HTTPS, which prevents leakage over plaintext HTTP.
**Related:** For session cookies, also use HttpOnly and an appropriate SameSite policy.

Q5: Which SameSite mode is commonly used to reduce CSRF while keeping many normal navigations working?

Multiple Choice
**Explanation:**
**Terms:** CSRF, cross-site request
**Correct (B):** Lax withholds the cookie on cross-site subrequests (images, frames, fetch/XHR, cross-site POSTs) but still sends it on top-level navigations that use a safe method such as GET.
**Options:**
- A (incorrect): None sends the cookie on cross-site requests (and must be paired with Secure), which increases CSRF exposure
- C (incorrect): Not a real mode

Q6: What is the request header name that sends cookies back to the server (one word)?

Short Text
**Explanation:**
**Correct:** Cookie
**Related:** Browsers decide which cookies to include based on domain, path, expiry, and attributes such as Secure and SameSite.
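As an added example (not part of the original quiz), the following Python script ties the six questions together: it parses a Set-Cookie header value, lints a session cookie for the Secure, HttpOnly and SameSite gaps the quiz asks about, builds a hardened header, and models when a browser would send the cookie back in a Cookie request header. The sample headers are constructed; the "Lax when SameSite is absent" default and the cookie-sending model are simplified assumptions, not a full browser implementation.

```python
"""Parse and lint Set-Cookie headers against the rules this quiz covers.

Added example, not part of the original quiz. It models the attribute
semantics of RFC 6265 / 6265bis in simplified form: no Domain or Path
matching, no Public Suffix List, and a Chromium-style "Lax by default"
when SameSite is absent (an assumption; other browsers differ).
"""
from dataclasses import dataclass, field
from typing import Optional

SAME_SITE_MODES = ("Strict", "Lax", "None")


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    http_only: bool = False
    same_site: Optional[str] = None      # "Strict", "Lax", "None", or None if absent/unknown
    max_age: Optional[int] = None
    expires: Optional[str] = None
    other: dict = field(default_factory=dict)   # Domain, Path, unrecognised attributes


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into name=value plus attributes.

    Attribute names are case-insensitive (RFC 6265 section 5.2); an
    unrecognised SameSite value is treated as if the attribute were absent.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        elif key == "samesite":
            cookie.same_site = val.capitalize() if val.capitalize() in SAME_SITE_MODES else None
        elif key == "max-age":
            try:
                cookie.max_age = int(val)
            except ValueError:
                pass                      # RFC 6265: ignore a non-numeric Max-Age
        elif key == "expires":
            cookie.expires = val
        else:
            cookie.other[key] = val
    return cookie


def lint_session_cookie(cookie: Cookie) -> list:
    """Return the hardening gaps a reviewer would flag on a session cookie."""
    findings = []
    if not cookie.secure:
        findings.append("missing Secure: cookie can be sent over plaintext HTTP")
    if not cookie.http_only:
        findings.append("missing HttpOnly: cookie is readable via document.cookie")
    if cookie.same_site is None:
        findings.append("missing SameSite: behaviour depends on the browser default")
    elif cookie.same_site == "None" and not cookie.secure:
        findings.append("SameSite=None requires Secure (RFC 6265bis; Chromium rejects the cookie)")
    return findings


def hardened_session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Build a Set-Cookie value with the attributes the quiz recommends."""
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Lax"


def browser_sends(cookie: Cookie, *, https: bool, same_site_request: bool,
                  top_level_navigation: bool, safe_method: bool) -> bool:
    """Simplified model of whether a browser attaches the cookie to a request."""
    if cookie.secure and not https:
        return False                      # Secure: HTTPS only
    if same_site_request:
        return True                       # SameSite only restricts cross-site requests
    mode = cookie.same_site or "Lax"      # assumption: Chromium-style default
    if mode == "None":
        return True
    if mode == "Strict":
        return False
    # Lax: sent only on top-level navigations that use a safe method (e.g. GET)
    return top_level_navigation and safe_method


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real service.
    for raw in ("sid=abc123; Path=/",
                "sid=abc123; SameSite=None",
                hardened_session_cookie("sid", "abc123")):
        print(raw, "->", lint_session_cookie(parse_set_cookie(raw)) or "OK")
```

Run as a script to see the three headers linted; the first is flagged three times, the second for the SameSite=None/Secure mismatch, the third passes. The `browser_sends` model is where the Q5 trade-off becomes visible: a Lax cookie still rides along on a cross-site top-level GET navigation, but not on a cross-site POST or an embedded subrequest.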