# Pages rating

{% hint style="info" %}
If you are new to page security, we recommend you first read through our dedicated article on the subject:

Article: [Security](https://manual.bubble.io/~/changes/lkknp2T2KBasv7RmhMhx/help-guides/security) | [Page security](https://manual.bubble.io/~/changes/lkknp2T2KBasv7RmhMhx/help-guides/security/page-security)
{% endhint %}

From the perspective of security, each of your pages has one of two security profiles: it’s either public (like the front page of a website), or it is not (like a dashboard that users need to log into to see).

What this means practically is that the latter should redirect users to another page when they try to access it. Imagine trying to view someone else's email inbox, for example; you will be redirected to a login page to make sure you don’t have access to any sensitive information.

{% hint style="warning" %}
Flusk currently evaluates whether a page is accessible to logged-in users or non-logged-in users. It does not assess more advanced page security setups, such as restricting access to admin users by verifying specific user fields.
{% endhint %}

As we mention in our [article series on page security](https://manual.bubble.io/~/changes/lkknp2T2KBasv7RmhMhx/help-guides/security/page-security), redirecting users is a kind of obfuscation[^1]; even if a user does get access to the page, they should not be able to download and view any data (as it is protected by [privacy rules](#user-content-fn-2)[^2]). But from a UX perspective, redirecting to a login or error page provides a clear path for the user, either prompting them to log in or letting them know they’re attempting to access a restricted area.

As Flusk generates reports that highlight the status of each page (whether it redirects correctly or not), it needs to know how you as a developer mean for each page to behave. This is where page ratings come in.

The page rating tool gives you an overview of all your pages, and allows you to assign a rating to each one. This instructs Flusk to recognize a page as [*safe*](#user-content-fn-3)[^3] or [*sensitive*](#user-content-fn-4)[^4].

To access the page rating tool, click *Advanced – Page rating*.

#### Automatic ratings

Flusk will attempt to give each of your pages a rating on its own by using AI. For example, a 404 page will usually be public, and AI can predict this with a fairly high level of confidence. You can override this automatic rating by providing a rating of your own, or confirm Flusk’s attempt.

#### Manual ratings

Every page can be given the rating Safe or Sensitive by clicking on the rating in the page rating tool.

* Safe: the page can be accessed by anyone (like a front page)
* Sensitive: the page should only be accessible by logged-in users, and non-logged-in users should be redirected

[^1]: Obfuscation involves making something harder to understand or access, acting as a deterrent against unauthorized use.

    While it adds *complexity* for potential attackers, it is not considered a standalone security measure.

[^2]: *Privacy Rules* are conditions that you set up on each data type in order to protect the data from being viewed and edited by unauthorized users.

    Article: [Protecting data with privacy rules](https://manual.bubble.io/~/changes/lkknp2T2KBasv7RmhMhx/help-guides/data/the-database/protecting-data-with-privacy-rules)

[^3]: The page can be accessed by anyone.

[^4]: The page should only be accessible to logged-in users.
