Validates required request headers and Cross-Site Request Forgery related headers before a response is returned to the client.
This control ensures that specified request headers are present and optionally match configured format requirements. It helps detect misconfigurations, incomplete deployments, or regressions where important security headers, such as those related to Cross-Site Request Forgery protection, session management, or browser security controls, are missing or malformed.