In case of an valid URL-record type written on an NFC tag the OS loads the web app directly in the browser (without any third party app).
I haven’t tested beacons yet and I am not sure if they are able to procude an URL intent without having to install a third party app.
I know that the security of the web app itself is not getting improved by limiting an app to a certain kind of URL intent. But I think that it is a way to improve UX and to prevent misuse of the web app (i.e. when the web app is limited to NFC intents, the user is not able to load the app by entering its URL into the browser manually. Instead he is forced to scan a tag and “wait” for the OS to load the app) This approach might lead to potentially better secured web apps.