Internet Browser Standards Guide

Background
Purpose & Scope
Support vs. Non Support for Web-based Service(s)
Criteria for Evaluating Non-Support of a Browser
General Browser Requirements
Current Web Browser Recommendations
Plug-ins and Players
Browser Security
Accessibility Concerns
Re-evaluation of Web Browsers
Developers and Web Service Managers
Browser Standards Feedback

 


Background

The campus relies upon a variety of Web-based services for business and academic uses. Maintaining compatibility with Web browsers and versions is a task that affects the time of those who deploy and manage those services in the areas of software/Web development, QA/testing, and use support, as well as staff that manage labs, equipment checkout pools, and computers assigned to faculty and staff.

In the absence of university standards for supported browser makes and versions, units managing Web-based services are charged with deriving their own standards on a distributed basis.

 

Purpose & Scope

The purpose and scope of the Browser Standards working group was to:

  • Establish a baseline for supported browsers at the university
  • Define a browser version/make target for IT operations and supporting computers in labs, checkout pools, and computers for university faculty, staff and students
  • Specify criteria for how the decision to support or not support browsers can be evaluated
  • Establish what non-support for browsers means for users
  • Provide guidance for university IT operations in the areas of Development, Testing, and Service of Web applications and sites
  • Provide support for campus community
  • Reduce cost for IT operations related to support for Web-based applications

Note: The Browser Standards document provides recommendation and does not dictate that all Web-based services must support all of the browsers.

 

Support vs. Non Support for Web-based Service(s)

A Web-based service should list the specific set of browsers it supports. The supported list should only include browsers with which the Web-based service is routinely tested. It is recommended that browsers for which the Web-based service is known to work but in which changes are not tested be omitted from the list.

For a browser to be supported by a Web-based service, the service must allow users of that browser to access the essential functionality of the service. The service can disable or hide non-essential functionality in supported browsers that do not support the necessary functionality.

Unsupported browsers may or may not work in the Web-based service. Web-based services should not use browser-detection to block or allow access to specific browsers, as this approach tends to stop working when new browsers are released.
 

Criteria for Evaluating Non-Support of a Browser

Reasons for non-support of a browser include:

  • The platform on which the browser runs is not supported by the university
  • A supported alternative browser is available
  • The browser has known security issues
  • The vendor no longer provides security updates for the browser
  • The browser is too expensive to support
  • The browser is not in broad use by the target audience for the application/site

 

General Browser Requirements

SF State recommends the following Web browser requirements to maintain compatibility across most Web services:

  • The browser should have JavaScript enabled. JavaScript is a scripting language that may be used to provide interactive or dynamic pages. Some university Web services may not function properly if JavaScript is disabled.
  • The browser should be configured to accept cookies. A cookie is a text-only user identifier string that gets entered into the memory of your browser. Some university Web services will not function if cookies are not accepted.
  • The browser should be capable of 128-bit Secure Sockets Layer (SSL) encryption. Passwords and other sensitive data must be encrypted when in transit over the network as described in SF State’s Policy for Server Security. Browser sessions that authenticate users must do so over encrypted protocols such as HTTPS or SSL. Most modern browsers are capable of this encryption support.

 

Current Web Browser Recommendations

The Working Group recommends that these Recommendations should be moved to a Web page, possibly containing other university IT recommendations and standards, for ease of reference and updating apart from this Standard. The Recommendations are presented here until they can be moved to a separate document on the Web.

Please note, SF State security policy recommends browsers be kept up-to-date. The following recomendations reflect browser versions that have been veted by the Working Group for use with SF State Web applications. The use of an out-of-date browser should be limited to intances where it is required in order to perform duties necessary to university operations.

 

Supported Browser Recomendations
Platform Browser(s) Supported as of:
Cross Platform Firefox 31, Chrome 30 September 18, 2014
Mac OS X Safari 6-7 September 18, 2014
Windows Internet Explorer 10 September 18, 2014
Mobile SF State is currently working on a mobile site. Re-evaluation of mobile Web-browsers will be visited next quarter. September 18, 2014

 

Plug-ins and Players

SF State does not test all the plugins. Known incompatibilities will be documented. Some of the commonly used plug-ins or players in order to use some campus Web services are:

  • Adobe Reader for viewing PDF files
  • Adobe Flash Player for viewing Websites that use the Flash multimedia platform
  • Quicktime for viewing Quicktime audio and video files  

 

Browser Security

Browsers should be checked for vulnerabilities and patches. Currently, SF State recommends using Qualys Browser Check to perform a security analysis of a browser and its plugins to identify security issues.

Please refer to SF State’s Information Security Program and recommendations on Protecting Your Computer to learn more about Browser Security. Additional information is available at SF State’s Policy for Web Application Development and Security and Mobile Computing Devices Security Policy. Application development efforts should take into consideration browser security capabilities and enhanced protection required for sensitive data per the CSU Data Classification.

 

Accessibility Concerns

The Disability Programs and Resource Center (DPRC) maintains a list of adaptive technologies, many of which have implications in terms of browser support. The list is available at http://www.sfsu.edu/~dprc/adaptive/software/. Developers and Web service managers should routinely consult this list to ensure that their Web-based services are compatible with the browsers required by the adaptive technologies in use at the campus.

 

Re-evaluation of Web Browsers

Browser Standards and Recommendations will be re-evaluated on a quarterly basis as needed. The re-evaluation may be canceled if no new issues have arisen since the last working group meeting. The meeting should be scheduled to allow for any changes to the recommendations or standard to be implemented in labs, workstation refreshes, etc. Re-evaluation covers introduction of new browsers and retirement of older browsers from the list of current recommendations.

 

Developers and Web Service Managers

Web service managers are responsible for ensuring their service is routinely tested against the browsers in the service’s compatibility list. The service’s browser compatibility list should factor in the browser usage statistics for the service’s target audience. We recommend that services intended for the university community use the Current Web Browser Recommendations as a starting point for browser support. Although services are not required to support all of the browsers in the recommendations, supporting at least some subset of these browsers will provide maximum compatibility for the university community.

The criteria specified in Criteria for Non-Support of a Browser should drive the considerations for non-support.

Developers should employ Web development best practices to ensure broad support across modern, standards-compliant browsers and to avoid future compatibility issues. We recommend the use of feature detection (instead of browser/user-agent detection), progressive enhancement, compatibility shims, and related approaches to maximize browser support and to provide graceful failure modes without incurring excessive browser compatibility development, testing, and support costs.

 

Browser Standards Feedback

Please email the Browser Standards Working Group with pertinent information and feedback regarding Browser Standards.