ScanGov Standards
Digital experience standards
Based on public policy, web protocol, guidelines and best practices.
Indicators

Each indicator lists the standard checked, why it matters, and the guidance it is based on.

Content security policy (CSP)
  Standard: The site restricts what can be loaded.
  Why: Helps stop hackers by blocking harmful code from running on your website.
  Guidance: CISA Website Security

HTTP Strict Transport Security (HSTS)
  Standard: Site upgrades to a secure connection.
  Why: Forces secure connections, protecting user data by making websites always load with encryption.
  Guidance: 21st Century Integrated Digital Experience Act (IDEA); CISA Website Security; CISA Cybersecurity Performance Goals; Memorandum (M-23-22)

security.txt
  Standard: The site has a security.txt file.
  Why: Provides contact info for reporting security issues, helping site owners fix problems quickly and keep users safe.
  Guidance: CISA Cybersecurity Performance Goals; RFC 9116

X-Content-Type-Options
  Standard: The site prevents MIME type sniffing.
  Why: Stops browsers from guessing file types, helping prevent security risks by enforcing correct content handling.
  Guidance: OWASP Top 10

Errors in the console
  Standard: Tracks mistakes in code for debugging.
  Why: Signals problems in website code, helping developers fix issues that could affect how the site works or displays.

Clickjacking mitigation
  Standard: Stops fake clicks on hidden content.
  Why: Prevents malicious websites from tricking users into clicking hidden elements, enhancing site security and protecting user actions.
  Guidance: OWASP Top 10

Paste preventing inputs
  Standard: Page doesn't allow copy-paste into inputs.
  Why: Negatively impacts user experience and weakens security by blocking password managers.

Hypertext Transfer Protocol Secure (HTTPS)
  Standard: Privacy and integrity protection.
  Why: Secures data by encrypting communication, protecting user privacy and preventing unauthorized access to sensitive information during online interactions.
  Guidance: U.S. Federal Website Standards; Memorandum (M-23-22)

Sponsored top-level domain (sTLD)
  Standard: Sponsored top-level domain (.gov / .edu / .mil).
  Why: Defines trusted website categories, helping users identify official sites and improving credibility and security for specific organizations.
  Guidance: U.S. Federal Website Standards