10. Security
10.1 HTTPS
Websites must be loaded over HTTPS with a valid certificate.
10.2 Secure Connection
Websites must have a secure connection.
Identifying Secure Connections
Secure connections are signified by a green lock icon next to the URL in the URL bar of most modern browsers.
Loading Resources
Noncompliance is often due to loading resources explicitly over HTTP. This can easily be resolved by loading resources explicitly over HTTPS or, in select use cases, by using a protocol-relative URL.
The following code shows an example of noncompliance due to resource loading, and two examples of how to potentially resolve the issue.
<!-- Loading explicitly over HTTP, noncompliant -->
<link rel="stylesheet" href="http://example.vcu.edu/media/styles.css">
<!-- Loading explicitly over HTTPS, compliant, preferred -->
<link rel="stylesheet" href="https://example.vcu.edu/media/styles.css">
<!-- Loading over relative protocol, compliant, select use cases -->
<link rel="stylesheet" href="//example.vcu.edu/media/styles.css">
10.3 Authentication & Form Requests
Websites that contain pages requiring authentication or forms requesting sensitive data must send requests over SSL with a secure connection.
10.4 Redirects
Websites must not automatically redirect visitors to an external, non-vcu.edu domain.