ASVS Requirement 14.2.1

• Level: 1
• Chapter: V14 Data Protection
• Section: V14.2 General Data Protection
• Source: 0x23-V14-Data-Protection.md

Description

Verify that sensitive data is only sent to the server in the HTTP message body or header fields, and that the URL and query string do not contain sensitive information, such as an API key or session token.