# Pages rating

{% hint style="info" %}
If you are new to page security, we recommend you first read through our dedicated article on the subject:

Article: [Security](https://manual.bubble.io/~/changes/1104/help-guides/security) | [Page security](https://manual.bubble.io/~/changes/1104/help-guides/security/page-security)
{% endhint %}

## Overview

From the perspective of security, each of your pages has one of two security profiles: it’s either public (like the front page of a website), or it is not (like a dashboard that users need to log into to see).

What this means practically is that the latter should redirect users to another page when they try to access it. Imagine trying to view the email inbox of someone else for example; you will be redirected to a log in page to make sure you don’t have access to any sensitive information.&#x20;

{% hint style="warning" %}
The security dashboard currently evaluates whether a page is accessible to logged-in users or non-logged-in users. It does not assess more advanced page security setups, such as restricting access to admin users by verifying specific user fields
{% endhint %}

Like we mention in our [article series on page security](https://manual.bubble.io/~/changes/1104/help-guides/security/page-security), redirecting users is a kind of obfuscation[^1]; even if a user should get access to the page, they should not be able to download and view any data (as it is protected by [privacy rules](#user-content-fn-2)[^2]). But from a UX perspective, redirecting to a login or error page provides a clear path for the user, either prompting them to log in or letting them know they’re attempting to access a restricted area.

As the security dashboard generates reports that highlight the status of each page (whether it redirects correctly or not), it needs to know how you as a developer mean for each page to behave. This is where page ratings come in.

The page rating tool gives you an overview of all your pages, and allows you to assign a rating to each one. This instructs the security dashboard to recognize a page as [*public*](#user-content-fn-3)[^3] or [*private*](#user-content-fn-4)[^4].

#### Automatic ratings

The security dashboard will attempt to give each of your pages a rating on its own by using AI. For example, a 404 page will usually be public, and can be predicted by AI with a fairly high level of confidence. You can override this automatic rating by providing a rating of your own, or confirming Bubble's attempt.

#### Manual ratings

Every page can be given the rating *public* or *private* by clicking on the rate in the page rating tool.

* **Public:** the page can be accessed by anyone (like a front page)
* **Private:** the page should only be accessible by logged-in users, and non-logged in users should be redirected

## Accessing the page rating tool

You can access the page rating tool from the *Issues explorer* *Test settings* dropdown.

[^1]: Obfuscation involves making something harder to understand or access, acting as a deterrent against unauthorized use.&#x20;

    While it adds *complexity* for potential attackers, it is not considered a standalone security measure.

[^2]: *Privacy Rules* are conditions that you set up on each data type in order to protect the data from being viewed and edited by unauthorized users.

    Article: [Protecting data with privacy rules](https://manual.bubble.io/~/changes/1104/help-guides/data/the-database/protecting-data-with-privacy-rules)

[^3]: The page can be accessed by anyone.

[^4]: The page should only be accessible to logged-in users.