Web application security is currently reliant on server-side mechanisms. The document argues that constraints on client behavior are best enforced at the client through end-to-end mechanisms. It proposes Mutation-Event Transforms, a novel and flexible mechanism for enforcing application security policies at the client-side through modifications to the browser.