Mechanisms exist to prevent unauthorized code from being present in a secure page as it is rendered in a client’s browser.

Does the organization prevent unauthorized code from being present in a secure page as it is rendered in a client’s browser?