ASVS Requirement 14.3.1

• Level: 1
• Chapter: V14 Data Protection
• Section: V14.3 Client-side Data Protection
• Source: 0x23-V14-Data-Protection.md

Description

Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated. The 'Clear-Site-Data' HTTP response header field may be able to help with this but the client-side should also be able to clear up if the server connection is not available when the session is terminated.