# Do not expose constants to client

<table><thead><tr><th width="138">Check ID</th><th>CONST_0001</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>Constants can be configured to have their value exposed to clients. When configured in this way, any user with a session van read their value. Usually constants hold important (and sometimes secret) values used by your app, and therefore they should not be exposed to the client. Be careful when enabling this option on a constant.</td></tr><tr><td>Options</td><td>There are no options for this check.</td></tr><tr><td>Pass</td><td>The setting <strong>Exposed to client</strong> for a constant is set to no.</td></tr><tr><td>Fail</td><td>The setting <strong>Exposed to client</strong> for a constant is set to yes.</td></tr></tbody></table>