11.3 Trusted HTTP headers are authenticated

Verify that HTTP headers added by a trusted proxy or SSO devices, such as a bearer token, are authenticated by the application.

Levels: 2, 3