A web browser client includes an aggregated web application runtime environment that controls access by a program fragment of an aggregated web application to a resource therein based upon the originating domain of the program fragment. To do so, the aggregated web application runtime environment appends an access attribute to the Document Object Model (DOM) node associated with the resource. This access attribute is associated with a plurality of access rights definitions where each access rights definition defines a set of access rights to the resource for program fragments originating from a domain with a specific access rights status. Accordingly, the aggregated web application runtime environment sets one or more access rights statuses of the originating domain of the program fragment, and thereafter, grants or denies the program fragment access to the resource based upon one or more sets of access rights defined for that program fragment.