ASVS Requirement 3.5.7

• Level: 3
• Chapter: V3 Web Frontend Security
• Section: V3.5 Browser Origin Separation
• Source: 0x12-V3-Web-Frontend-Security.md

Description

Verify that data requiring authorization is not included in script resource responses, like JavaScript files, to prevent Cross-Site Script Inclusion (XSSI) attacks.