Pages rating

From the perspective of security, each of your pages has one of two security profiles: it’s either public (like the front page of a website), or it is not (like a dashboard that users need to log into to see).

What this means practically is that the latter should redirect users to another page when they try to access it. Imagine trying to view the email inbox of someone else for example; you will be redirected to a log in page to make sure you don’t have access to any sensitive information.

Like we mention in our article series on page security, redirecting users is a kind of obfuscation; even if a user should get access to the page, they should not be able to download and view any data (as it is protected by privacy rules). But from a UX perspective, redirecting to a login or error page provides a clear path for the user, either prompting them to log in or letting them know they’re attempting to access a restricted area.

As Flusk generates reports that highlight the status of each page (whether it redirects correctly or not), it needs to know how you as a developer mean for each page to behave. This is where page ratings come in.

The page rating tool gives you an overview of all your pages, and allows you to assign a rating to each one. This instructs Flusk to recognize a page as safe or sensitive.

To access the page rating tool, click Advanced – Page rating.

Automatic ratings

Flusk will attempt to give each of your pages a rating on its own by using AI. For example, a 404 page will usually be public, and can be predicted by AI with a fairly high level of confidence. You can override this automatic rating by providing a rating of your own, or confirming Flusk’s attempt.

Manual ratings

Every page can be given the rating Safe or Sensitive by clicking on the rate in the page rating tool.

• Safe: the page can be accessed by anyone (like a front page)

• Sensitive: the page should only be accessible by logged-in users, and non-logged in users should be redirected