10.1 HTTPS

Websites must be loaded over HTTPS with a valid certificate.

10.2 Secure Connection

Websites must have a secure connection.

Identifying Secure Connections

Secure connections are signified by a green lock icon next to the URL in the URL bar of most modern browsers.

Loading Resources

Noncompliance is often caused by loading resources explicitly over HTTP. This can be resolved by loading resources explicitly over HTTPS or, in select use cases, by using the relative protocol.

The following code shows an example of noncompliance due to resource loading, and two examples of how to potentially resolve the issue.

<!-- Loading explicitly over HTTP, noncompliant -->
<link rel="stylesheet" href="http://example.vcu.edu/media/styles.css">
<!-- Loading explicitly over HTTPS, compliant, preferred -->
<link rel="stylesheet" href="https://example.vcu.edu/media/styles.css">
<!-- Loading over relative protocol, compliant, select use cases -->
<link rel="stylesheet" href="//example.vcu.edu/media/styles.css">
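
One way to check a page for the resource-loading problem described above is to parse its HTML and classify every resource URL. The following is an added example, not part of the original standard; the names RESOURCE_ATTRS, classify, ResourceAudit and audit, the category labels, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attribute that makes the browser fetch a resource, per tag (illustrative list).
# <a href> is navigation, not a resource load, so it is deliberately absent.
RESOURCE_ATTRS = {
    "link": "href", "script": "src", "img": "src", "iframe": "src",
    "audio": "src", "video": "src", "source": "src", "embed": "src",
    "object": "data",
}

def classify(url):
    # Map a resource URL to the three cases shown in the markup above.
    u = url.strip().lower()
    if u.startswith("http://"):
        return "noncompliant"        # loaded explicitly over HTTP
    if u.startswith("https://"):
        return "compliant"           # loaded explicitly over HTTPS, preferred
    if u.startswith("//"):
        return "relative-protocol"   # compliant, select use cases
    return "other"                   # e.g. a path relative to the page

class ResourceAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []           # (line, tag, url, category)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this call.
        url = dict(attrs).get(RESOURCE_ATTRS.get(tag))
        if url:
            self.findings.append((self.getpos()[0], tag, url, classify(url)))

def audit(html):
    parser = ResourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page for the demonstration.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.vcu.edu/media/styles.css">
<link rel="stylesheet" href="https://example.vcu.edu/media/styles.css">
<script src="//example.vcu.edu/media/app.js"></script>
</head><body>
<img src="/media/logo.png">
<a href="http://example.vcu.edu/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, category in audit(SAMPLE):
        print(f"line {line}: <{tag}> {url} -> {category}")
```

The check covers static markup only: it treats every link href as a resource load and does not see URLs inside CSS or URLs added by scripts at run time.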

10.3 Authentication & Form Requests

Websites that contain pages requiring authentication or forms requesting sensitive data must send requests over SSL with a secure connection.

10.4 Redirects

Websites must not automatically redirect visitors to an external, non-vcu.edu domain.