The latest articles on DEV Community by Vishal Kandu (@vishalkandu01). https://dev.to/vishalkandu01 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F753039%2Ff5e30def-5d4a-4f29-a726-b743ffa848ad.png https://dev.to/vishalkandu01 en Vishal Kandu Sun, 03 Dec 2023 11:12:47 +0000 https://dev.to/vishalkandu01/why-getting-token-from-header-is-more-secure-7p3 https://dev.to/vishalkandu01/why-getting-token-from-header-is-more-secure-7p3 <ol> <li><p>Preventing Exposure in URLs: Tokens contained in the header are shielded from exposure in the URL. When URL parameters contain sensitive data, there may be a security issue because they are frequently recorded in multiple locations, including browser history and server logs.</p></li> <li><p>Cross-Site Request Forgery (CSRF) Protection: Placing tokens in the header helps protect against CSRF attacks. Malicious websites may be able to operate on behalf of the user without authorization if tokens are present in the request body or URL. Tokens based on headers are immune to these kinds of attacks.</p></li> <li><p>Keeping Cookies Safe from Cross-Site Scripting (XSS) Attacks: Tokens contained in cookies may be subject to XSS attacks. Tokens stored in headers are less likely to be accessed or altered by malicious scripts.</p></li> </ol> webdev backend security