# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Adding a new metric? We have docs for that! # https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/new_definitions_file.html --- $schema: moz://mozilla.org/schemas/glean/metrics/2-0-0 $tags: - 'Core :: DOM: Security' httpsfirst: upgraded: type: counter description: > Counts how often a load is successfully upgraded to HTTPS because of HTTPS-First (`dom.security.https_first` enabled). This does not include loads that get downgraded again. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never upgraded_schemeless: type: counter description: > Counts how often a load is successfully upgraded to HTTPS because of schemeless HTTPS-First (`dom.security.https_first` disabled, but load marked as schemeless). This does not include loads that get downgraded again. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgraded: type: counter description: > How many regular HTTPS-First (`dom.security.https_first` enabled) upgrades fail and get downgraded again. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgraded_schemeless: type: counter description: > How many schemeless HTTPS-First (`dom.security.https_first` disabled, but load marked as schemeless) upgrades fail and get downgraded again. bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgraded_on_timer: type: rate description: > How many HTTPS-First (`dom.security.https_first` enabled) upgrades get downgraded again because the HTTP request fired after 3s received a answer faster than the HTTPS request. denominator_metric: httpsfirst.downgraded bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgraded_on_timer_schemeless: type: rate description: > How many of schemeless HTTPS-First (`dom.security.https_first` disabled, but load marked as schemeless) upgrades get downgraded again because the HTTP request fired after 3s received a answer faster than the HTTPS request denominator_metric: httpsfirst.downgraded_schemeless bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgrade_time: type: timing_distribution description: > If a HTTPS-First (`dom.security.https_first` enabled) upgrade isn't successful, measures the timespan between the navigation start and the downgrade. time_unit: millisecond bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never downgrade_time_schemeless: type: timing_distribution description: > If a schemeless HTTPS-First (`dom.security.https_first` disabled, but load marked as schemeless) upgrade isn't successful, measures the timespan between the navigation start and the downgrade. time_unit: millisecond bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10 data_sensitivity: - technical notification_emails: - mjurgens@mozilla.com - seceng-telemetry@mozilla.com expires: never security: unexpected_load: type: event description: > Long term want to block all loads from the system principal that cause us to parse non-trivial data. We don't look to break existing functionality and will allow exceptions, for this we are collecting information about unexpected requests triggered by the system principal Our measurement *excludes* acceptable requests. Those are: - annotated using the 'AllowedDeprecatedSystemRequests' loadinfo flag - using a nsContentPolicyType of FETCH, XMLHTTPREQUEST, WEBSOCKET, SAVEAS_DOWNLOAD or IMAGE - with a requested URI object has the flag URI_IS_UI_RESOURCE - if the URL scheme is 'view-source' - if the URL scheme is 'file' and the Content-Type is STYLESHEET or OTHER - if the scheme is 'jar', 'about' or 'moz-extension' This event was generated to correspond to the Legacy Telemetry event security.unexpectedload#systemprincipal. bugs: - https://bugzil.la/1644671 data_reviews: - https://bugzil.la/1644671 notification_emails: - fbraun@mozilla.com - ckerschb@mozilla.com expires: never extra_keys: value: description: > The `value` of the event. Mirrors to the Legacy Telemetry event's `value` parameter. The filename's type, see `nsContentSecurityUtils::FilenameToFilenameType(...)`. type: string contenttype: description: > Information about the content-type we expect to receive type: string remotetype: description: > Information about the remoteType in which we triggered the load type: string filedetails: description: > Information about the file that triggered the load type: string redirects: description: > Comma-separated string listing schemes for URLs that we redirected from type: string telemetry_mirror: Security_Unexpectedload_Systemprincipal eval_usage_system_context: type: event # Disable yamllint for long lines # yamllint disable description: > eval() (or an eval()-like method) was called while running in the System Principal context or the Parent Process. Expected values are: - chromeuri - chrome:// file - resourceuri - resource:// file - datauri - a data URI - bloburi - a blob URI - abouturi - an about URI - singlestring - A single file or string with no slashes - mozillaextension - An extension claiming to be from *mozilla.org (Deprecated) - otherextension - Another extension not from Mozilla (Deprecated) - mozillaextension_file - An extension claiming to be from *mozilla.org, loaded from a file:// - otherextension_file - Another extension not from Mozilla, loaded from a file:// - extension_uri - A URI with the moz-extension:// scheme - suspectedUserChromeJS - A filepath ending in .uc.js - sanitizedWindowsPath - A filepath, on Windows, sanitized by WinUtils::PreparePathForTelemetry which is a bare filename or a subpath of %ProgramFiles%, %SystemRoot%, or %TEMP% - sanitizedWindowsURL - A partial URL, on Windows, consisting of either file://../ followed by the value prepared as for sanitizedWindowsPath, or the bare scheme of the original url - other - Unknown - other-on-worker - We cannot do a regex; it is not a chrome, resource, data, or blob uri, but could be any other. - regexfailure - Our Regex Matching code threw an error The fileinfo key may contain additional information about the file that caused the eval() depending on the above value. Resource, Chrome, About, and SingleString will contain the full value. (About URIs will remove any querystring values.) Extensions-from-file will contain the full value; however .xpi! will be shortened to !, shield.mozilla.org! to s! and mozilla.org! to m!. Data, Blob, UserChromeJS, Other, and Regexfailure should have no value. This event was generated to correspond to the Legacy Telemetry event security.evalUsage#systemContext. # yamllint enable bugs: &security_evalUsage_bugs - https://bugzil.la/1567623 data_reviews: &security_evalUsage_data_reviews - https://bugzil.la/1567623 notification_emails: - tom@mozilla.com - ckerschb@mozilla.com expires: never extra_keys: &security_evalUsage_extra value: description: > The `value` of the event. Mirrors to the Legacy Telemetry event's `value` parameter. The filename's type, see `nsContentSecurityUtils::FilenameToFilenameType(...)`. type: string fileinfo: description: > Information about the file that triggered eval type: string telemetry_mirror: Security_Evalusage_Systemcontext csp_violation_internal_page: type: event description: > Information about Content-Security-Policy violations that happen in internal pages like chrome:// bugs: - https://bugzil.la/1942622 data_reviews: - https://bugzil.la/1942622 notification_emails: - tschuster@mozilla.com - freddy@mozilla.com expires: never extra_keys: directive: description: > The same as SecurityPolicyViolationEvent's effectiveDirective. type: string selftype: description: > The sanitized type of the "self uri", which is roughly similar to the documentURI. This follows eval_usage_system_context sanitization procedure. type: string selfdetails: description: > A sanitized version of the "self uri", which is roughly similar to the documentURI, e.g. the whole chrome:// URL in some cases. This follows eval_usage_system_context sanitization procedure. type: string sourcetype: description: > The sanitized type of SecurityPolicyViolationEvent's sourceFile, e.g. "chromeuri". This follows eval_usage_system_context sanitization procedure. type: string sourcedetails: description: > A sanitized version of SecurityPolicyViolationEvent's sourceFile, e.g. the whole chrome:// URL in some cases. This follows eval_usage_system_context sanitization procedure. type: string blockeduritype: description: > The sanitized type of SecurityPolicyViolationEvent's blockedURI. type: string blockeduridetails: description: > A sanitized version of SecurityPolicyViolationEvent's blockedURI. type: string linenumber: description: > The same as SecurityPolicyViolationEvent's lineNumber. type: quantity columnnumber: description: > The same as SecurityPolicyViolationEvent's columnNumber. type: quantity sample: description: > The same as SecurityPolicyViolationEvent's sample. (Only for violations from chrome:) type: string eval_usage_parent_process: type: event description: > eval() (or an eval()-like method) was called while running in the System Principal context or the Parent Process. Expected values are: chromeuri - chrome:// file resourceuri - resource:// file datauri - a data URI bloburi - a blob URI abouturi - an about URI singlestring - A single file or string with no slashes mozillaextension - An extension claiming to be from *mozilla.org (Deprecated) otherextension - Another extension not from Mozilla (Deprecated) mozillaextension_file - An extension claiming to be from *mozilla.org, loaded from a file:// otherextension_file - Another extension not from Mozilla, loaded from a file:// extension_uri - A URI with the moz-extension:// scheme suspectedUserChromeJS - A filepath ending in .uc.js sanitizedWindowsPath - A filepath, on Windows, sanitized by WinUtils::PreparePathForTelemetry which is a bare filename or a subpath of %ProgramFiles%, %SystemRoot%, or %TEMP% sanitizedWindowsURL - A partial URL, on Windows, consisting of either file://../ followed by the value prepared as for sanitizedWindowsPath, or the bare scheme of the original url other - Unknown other-on-worker - We cannot do a regex; it is not a chrome, resource, data, or blob uri, but could be any other. regexfailure - Our Regex Matching code threw an error The fileinfo key may contain additional information about the file that caused the eval() depending on the above value. Resource, Chrome, About, and SingleString will contain the full value. (About URIs will remove any querystring values.) Extensions-from-file will contain the full value; however .xpi! will be shortened to !, shield.mozilla.org! to s! and mozilla.org! to m!. Data, Blob, UserChromeJS, Other, and Regexfailure should have no value. This event was generated to correspond to the Legacy Telemetry event security.evalUsage#parentProcess. bugs: *security_evalUsage_bugs data_reviews: *security_evalUsage_data_reviews notification_emails: - tom@mozilla.com - ckerschb@mozilla.com expires: never extra_keys: *security_evalUsage_extra telemetry_mirror: Security_Evalusage_Parentprocess javascript_load_parent_process: type: event description: > The javascript engine requested to load a filename that was not allowed. Expected values, and fileinfo key, are the same possible values as above in 'evalUsage' This event was generated to correspond to the Legacy Telemetry event security.javascriptLoad#parentProcess. bugs: - https://bugzil.la/1582512 data_reviews: - https://bugzil.la/1582512 notification_emails: - tom@mozilla.com - gijs@mozilla.com expires: never extra_keys: value: description: > The `value` of the event. Mirrors to the Legacy Telemetry event's `value` parameter. The filename's type, see `nsContentSecurityUtils::FilenameToFilenameType(...)`. type: string fileinfo: description: > Information about the filename that was requested to be loaded type: string telemetry_mirror: Security_Javascriptload_Parentprocess https_only_mode_upgrade_time: type: labeled_timing_distribution description: > Time it takes for a request that has been upgraded with HTTPS-Only Mode to complete, broken down by top-level (top) / sub-resource (sub) and status This metric was generated to correspond to the Legacy Telemetry exponential histogram HTTPS_ONLY_MODE_UPGRADE_TIME_MS. time_unit: millisecond labels: - top_successful - sub_successful - top_f_redirectloop - sub_f_redirectloop - top_f_timeout - sub_f_timeout - top_f_aborted - sub_f_aborted - top_f_cxnrefused - sub_f_cxnrefused - top_f_ssl_selfsignd - sub_f_ssl_selfsignd - top_f_ssl_badcertdm - sub_f_ssl_badcertdm - top_f_ssl_unkwnissr - sub_f_ssl_unkwnissr - top_f_ssl_other - sub_f_ssl_other - top_f_other - sub_f_other bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1627206 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1627206 notification_emails: - julianwels@mozilla.com - seceng-telemetry@mozilla.com expires: never telemetry_mirror: HTTPS_ONLY_MODE_UPGRADE_TIME_MS referrer_policy_count: type: custom_distribution description: > The counter of each referrer policy which has been computed for a referrer. The buckets (0-8) are for same-site requests and buckets (9-17) are for cross-site requests. Note that the index matches to the order in ReferrerPolicy.webidl This metric was generated to correspond to the Legacy Telemetry enumerated histogram REFERRER_POLICY_COUNT. range_min: 0 range_max: 18 bucket_count: 19 histogram_type: linear bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1720869 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1720869 notification_emails: - tihuang@mozilla.com - ckerschbaumer@mozilla.com - seceng-telemetry@mozilla.com expires: never telemetry_mirror: REFERRER_POLICY_COUNT mixed_content: page_load: type: custom_distribution description: > Accumulates type of content per page load (0=no mixed or non-secure page, 1=mixed passive, 2=mixed active, 3=mixed passive and mixed active) This metric was generated to correspond to the Legacy Telemetry enumerated histogram MIXED_CONTENT_PAGE_LOAD. range_min: 0 range_max: 4 bucket_count: 5 histogram_type: linear bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: MIXED_CONTENT_PAGE_LOAD unblock_counter: type: custom_distribution description: > A simple counter of daily mixed-content unblock operations and top documents loaded This metric was generated to correspond to the Legacy Telemetry enumerated histogram MIXED_CONTENT_UNBLOCK_COUNTER. range_min: 0 range_max: 3 bucket_count: 4 histogram_type: linear bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: MIXED_CONTENT_UNBLOCK_COUNTER hsts: type: custom_distribution description: > How often would blocked mixed content be allowed if HSTS upgrades were allowed? 0=display/no-HSTS, 1=display/HSTS, 2=active/no-HSTS, 3=active/HSTS This metric was generated to correspond to the Legacy Telemetry enumerated histogram MIXED_CONTENT_HSTS. range_min: 0 range_max: 10 bucket_count: 11 histogram_type: linear bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1935420 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: MIXED_CONTENT_HSTS images: type: labeled_counter description: > How often image loads fail in regular mode and in upgrading mode? This metric was generated to correspond to the Legacy Telemetry categorical histogram MIXED_CONTENT_IMAGES. labels: - ImgUpSuccess - ImgUpFailure - ImgNoUpSuccess - ImgNoUpFailure bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: h#MIXED_CONTENT_IMAGES video: type: labeled_counter description: > How often video loads fail in regular mode and in upgrading mode? This metric was generated to correspond to the Legacy Telemetry categorical histogram MIXED_CONTENT_VIDEO. labels: - VideoUpSuccess - VideoUpFailure - VideoNoUpSuccess - VideoNoUpFailure bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: h#MIXED_CONTENT_VIDEO audio: type: labeled_counter description: > How often audio loads fail in regular mode and in upgrading mode? This metric was generated to correspond to the Legacy Telemetry categorical histogram MIXED_CONTENT_AUDIO. labels: - AudioUpSuccess - AudioUpFailure - AudioNoUpSuccess - AudioNoUpFailure bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=1819336 notification_emails: - seceng-telemetry@mozilla.com expires: never telemetry_mirror: h#MIXED_CONTENT_AUDIO security.ui: events: type: custom_distribution description: > Security-related UI events (addons, form submission, TLS certs, Safe Browsing, updates and geolocation). See /security/manager/ssl/nsISecurityUITelemetry.idl for the specific values. This metric was generated to correspond to the Legacy Telemetry enumerated histogram SECURITY_UI. range_min: 0 range_max: 100 bucket_count: 101 histogram_type: linear bugs: - https://bugzilla.mozilla.org/show_bug.cgi?id=767676 data_reviews: - https://bugzilla.mozilla.org/show_bug.cgi?id=767676 notification_emails: - seceng-telemetry@mozilla.com - fxprivacyandsecurity@mozilla.com expires: never telemetry_mirror: SECURITY_UI