Exploit Server
JS that is executed if victim accesses page
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
<script>
alert()
</script>
Expliot Server
JS that is executed if it is included in script-tags
<script src=https://server.com/js/test.js">
Content-Type: text/js; charset=utf-8
Last changed12 days ago