ISM-1424

Web applications implement Content-Security-Policy, HSTS and X-Frame-Options via security policy in response headers.

Topic: Web browser-based security controls
Applicable to: all

Priority: should

History
Mar 2022
Web applications implement Content-Security-Policy, HSTS and X-Frame-Options via security policy in response headers.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Oct 2019
Web applications implement Content-Security-Policy, HSTS and X-Frame-Options response headers.
Security control 1424 was modified to state the response header types to implement for web applications.
Sep 2019
Web browser-based security controls are implemented for web applications in order to help protect both web applications and their users.
2017
Web browser-based security controls should be implemented for web applications in order to help protect the web application and its users.
Control text changed. No public explanation.
2015
Agencies should implement browser-based security controls for web applications in order to help protect the web application and its users.

Open Web Application Security Project
The Open Web Application Security Project provides a comprehensive resource to consult when developing web applications.