Cross-site scripting (XSS) allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types: stored XSS where the payload is saved on the server and executed every time the page is loaded; reflected XSS where the payload is included in the response based on user input; and DOM-based XSS where JavaScript code executes the payload. XSS can be used to perform actions like making unauthorized requests, logging keystrokes, or hijacking user sessions. Cross-site request forgery (CSRF) is an attack where authenticated requests are performed without the user's knowledge or consent by tricking them into loading a page with malicious input. HTTP response splitting, also known