CISOBot - Your AI CISO Assistant

WEB-12

Web Browser Security

Weight: 9/10

Description

Mechanisms exist to ensure web applications implement Content-Security-Policy, HSTS and X-Frame-Options response headers to protect both the web application and its users.

Control Question

Does the organization ensure web applications implement Content-Security-Policy, HSTS and X-Frame-Options response headers to protect both the web application and its users?

Control Metadata

Domain: Web Security

Validation Cadence: Annual
