Security Answers

Expert answers to 33 security questions — HTTP headers, web vulnerabilities, LLM security, and prompt injection defense. Each answer includes code examples, prevention strategies, and related questions.

Security Headers

• Content-Security-Policy (CSP) Header Explained
• X-Frame-Options Header Explained
• Strict-Transport-Security (HSTS) Header Explained
• X-Content-Type-Options Header Explained
• Referrer-Policy Header Explained
• Permissions-Policy Header Explained
• Cross-Origin-Opener-Policy (COOP) Header Explained
• Cross-Origin-Resource-Policy (CORP) Header Explained
• X-XSS-Protection Header Explained
• Cache-Control for Security — Preventing Sensitive Data Leaks

Web Security Fundamentals

• What Is XSS (Cross-Site Scripting)?
• What Is CSRF (Cross-Site Request Forgery)?
• What Is SQL Injection?
• What Is CORS (Cross-Origin Resource Sharing)?
• What Is Clickjacking?
• What Is SSRF (Server-Side Request Forgery)?
• What Is an Open Redirect Vulnerability?
• What Is Directory Traversal (Path Traversal)?

LLM & AI Security

• LLM Data Poisoning — Training Data Attacks Explained
• LLM Model Extraction — Stealing AI Models via API
• LLM Training Data Leakage — When Models Memorize Secrets
• LLM Hallucinations as a Security Risk
• RAG Security Risks — Retrieval-Augmented Generation Vulnerabilities
• LLM Supply Chain Risks — Model and Dependency Attacks
• AI Red Teaming Guide — How to Test LLM Security

Prompt Security

• What Is Prompt Injection?
• How to Prevent Prompt Injection
• DAN Jailbreak Explained
• System Prompt Best Practices
• Is My Chatbot Secure?
• OWASP LLM Top 10
• How to Write a Secure System Prompt
• What Is Indirect Prompt Injection?

Scan your system prompt with LochBot — free, client-side, no data sent anywhere.