Skip to main content

Remove sensitive data from client-side applications


Access codes, tokens or credentials should be removed from client-side applications. If its needed, the associated service should support Access Control Lists based on the expected origin.


Storing sensitive information on the client side increases security risks, as it could be exposed, intercepted, or tampered by malicious actors. Also, the Access Control Lists (ACLs) is a useful mechanism used to control access to resources based on specified rules mitigating the risk of unauthorized access to sensitive data.

Supported In

This requirement is verified in following services



free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.