Pages rating

If you are new to page security, we recommend you first read through our dedicated article on the subject:

Article: Security | Page security

From the perspective of security, each of your pages has one of two security profiles: it’s either public (like the front page of a website), or it is not (like a dashboard that users need to log into to see).

In practice, this means the latter should redirect users to another page when they try to access it. Imagine trying to view someone else’s email inbox, for example: you will be redirected to a login page to make sure you don’t have access to any sensitive information.

Flusk currently evaluates whether a page is accessible to logged-in users or non-logged-in users. It does not assess more advanced page security setups, such as restricting access to admin users by verifying specific user fields.

Like we mention in our article series on page security, redirecting users is a kind of ; even if a user should get access to the page, they should not be able to download and view any data (as it is protected by ). But from a UX perspective, redirecting to a login or error page provides a clear path for the user, either prompting them to log in or letting them know they’re attempting to access a restricted area.

As Flusk generates reports that highlight the status of each page (whether it redirects correctly or not), it needs to know how you as a developer mean for each page to behave. This is where page ratings come in.

The page rating tool gives you an overview of all your pages, and allows you to assign a rating to each one. This instructs Flusk to recognize a page as or .

To access the page rating tool, click Advanced – Page rating.

Automatic ratings

Flusk will attempt to give each of your pages a rating on its own by using AI. For example, a 404 page will usually be public, and can be predicted by AI with a fairly high level of confidence. You can override this automatic rating by providing a rating of your own, or confirming Flusk’s attempt.

Manual ratings

Every page can be given the rating Safe or Sensitive by clicking on the rate in the page rating tool.

  • Safe: the page can be accessed by anyone (like a front page)

  • Sensitive: the page should only be accessible by logged-in users, and non-logged-in users should be redirected
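
The comparison these ratings make possible, as an added example (not Flusk's own code): each page's intended rating is checked against what a logged-out request to it returned. The paths, the `app.example.com` origin and the observed responses are constructed, and the sketch assumes the redirect shows up as an HTTP 3xx response with a `Location` header.

```python
from urllib.parse import urljoin, urlsplit

BASE = "https://app.example.com"  # placeholder origin (assumption)

# Constructed sample: intended rating per page; None means not rated yet.
RATINGS = {"/": "Safe", "/404": "Safe", "/login": "Safe",
           "/dashboard": "Sensitive", "/inbox": "Sensitive",
           "/settings": "Sensitive", "/reports": None}

# Constructed sample: (status, Location header) seen by a logged-out request.
OBSERVED = {
    "/": (200, None),
    "/404": (200, None),
    "/login": (200, None),
    "/dashboard": (302, "/login"),
    "/inbox": (200, None),  # served with no redirect
    "/settings": (302, "https://app.example.com/dashboard"),  # lands on a Sensitive page
    "/reports": (200, None),
}


def check_page(path, ratings, observed, base=BASE):
    """Compare one page's rating with its logged-out response."""
    rating = ratings.get(path)
    status, location = observed[path]
    redirected = 300 <= status < 400 and bool(location)
    if rating is None:
        return "unrated"
    if rating == "Safe":
        return "review: safe page redirects" if redirected else "ok"
    # Sensitive: a logged-out visitor must be sent somewhere they may see.
    if not redirected:
        return "fail: no redirect"
    target = urlsplit(urljoin(base + path, location))  # resolves relative Location
    if target.netloc != urlsplit(base).netloc:
        return "review: redirects off-site"
    if ratings.get(target.path or "/") != "Safe":
        return "fail: redirect target is not a Safe page"
    return "ok"


def audit(ratings, observed):
    """Return {path: result} for every observed page."""
    return {path: check_page(path, ratings, observed) for path in observed}


if __name__ == "__main__":
    for page, result in audit(RATINGS, OBSERVED).items():
        print(f"{page:12} {result}")
```

A Sensitive page that redirects to another Sensitive or unrated page is reported as a failure, since the visitor never reaches a page they are meant to see.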
