From a7bca3c9c1ead6f373b531825ff5200aebeb1e82 Mon Sep 17 00:00:00 2001 From: sydseter Date: Wed, 2 Jul 2025 16:59:04 +0200 Subject: [PATCH] Fixes #125 SCP [138, 140] Cornucopia - Data Protection --- docs/en/04-design/02-web-app-checklist/08-protect-data.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/en/04-design/02-web-app-checklist/08-protect-data.md b/docs/en/04-design/02-web-app-checklist/08-protect-data.md index 7bdc2fd1..c37fcfa3 100644 --- a/docs/en/04-design/02-web-app-checklist/08-protect-data.md +++ b/docs/en/04-design/02-web-app-checklist/08-protect-data.md @@ -20,6 +20,8 @@ and use the list below as suggestions for a checklist that has been tailored for 10. Implement least privilege, restricting access to functionality, data and system information 11. Protect all cached or temporary copies of sensitive data from unauthorized access 12. Purge those temporary copies of sensitive data as soon as they are no longer required +13. Do not include sensitive information in the URL or query string, such as an API key or session token +14. Disable client side caching on pages containing sensitive information (e.g. Cache-Control: no-store) #### 2. Memory management
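Review bot: In added item 14, "client side caching" is narrower than the example it cites: `Cache-Control: no-store` also tells shared caches (proxies, CDNs) not to store the response, and sensitive data is returned by API responses as well as by pages. Consider wording such as "Disable caching of responses containing sensitive information, in the browser and in intermediaries (e.g. `Cache-Control: no-store`)", which also lines up with item 11 on cached copies, and hyphenate "client-side" if the phrase is kept. In added item 13, the query string is already part of the URL, so "in the URL, including the query string" reads more precisely than "in the URL or query string".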