From 330673793cc83425071b28e50bb3cd3b9ee72bc7 Mon Sep 17 00:00:00 2001
From: sayaHub <sayaveth@gmail.com>
Date: Wed, 22 May 2019 11:34:48 -0400
Subject: [PATCH] pull from upstream (#6)

* Add the utf-8 byte order marker to simplify issues with loading to Excel

* Brought tests suites inline with models.py, handle the utf-8 BOM, and expect bytes over the wire.

* Whoops. params where they should have been.

* Minor changes to cache invalidation to get rid of write access rqmt.

* ugh tests.

* get_cache should be type-hinting a str return, not bool. Also, I was returning both a datetime, or a str. Whoops.

* sigh. tests. remember the tests.

* - removed Beta banner
- removed Bold links in some pages
- add Terms and Conditions in footers

* - removed temporary Google Analytics
- add Content Security Policy on header
- moved some inline javascript call to a external file

* forgot one inline onclick javascript

* - implemented a whitelist for report names that can be call via the app URL.

  for now : only one report name is allowed : compliance

* - forgot one file

* build package for public app

* fix syntax errors

* fire new job names

* added logic to only display the donut for Public users

* forgot to remove bold for links for modal (How to read this table?)

* removed some unwanted space

* put back Beta Banner

* Minor tweaks to config to enable usage of Azure Managed Service Identities in combination with Azure KeyVault.

* this time with updated req's

* local ci would be great when you're sleep deprived.

* removed secret name out of code

* Removed headers due to duplication..

The upstream servers are also placing these headers, so removing from here.

* Security Update: pyyaml bump to pull in safe_load

Fixes this https://github.com/yaml/pyyaml/pull/74.

Note we were already using safe_load.

* Security Update: pyyaml version bump

https://github.com/yaml/pyyaml/pull/74

* Paginate scroll to top

* add semi-colon

* - Implementation of Google Tag Manager

   GTM ID is stored in Environment variable called GOOGLE_TAG_MANAGER

* fix typo

* fix data-domain, can't use comma to enclose value, break if value have comma in domain name

* removed CSP policies from HTML header. CSP is now implemented on Nginx server.

* - some cleanup before merge to Master branch

* - to fix Alerts from LGTM

* Compatibility with kubernetes  (#127)

* Modification for deploying on k8s

* Small fix on dockerfile

* Added CI workflow file

* Ignore pip pinning in CI

* defer datatable render (#129)

* Changed worker type and worker amount (#130)

* Added PR review app configuration;

* Actually hit the right container

* Take 2

* Upgraded deps (#132)

Bump dependencies for pymongo and flask_pymongo. Fixes time based connection issues.

* Task default organizations (#136)

* - set default view to Organizations instead of Domains
- removed logic to public and internal view since now we will have same view for internal/public users

* - fix some accessibilities issues

* - put back role=row for TR. If not present, Mobile view doesnt display the green plus button
  in By Organizations page

* - for Accessibility : implement "Skip to main content" link at top of pages ( visible when Tab into focus)

* update content for the Guidance page (#137)
---
 .circleci/config.yml                          | 19 ++++-
 .github/main.workflow                         | 11 +++
 Dockerfile                                    | 16 +---
 Dockerfile.build                              |  7 --
 deploy/build-env-public.sh                    |  9 +++
 docker-compose.yml                            |  8 --
 elenchos.json                                 |  6 ++
 .../overlays/elenchos/app-deployment.yaml     | 28 +++++++
 manifests/overlays/elenchos/app-service.yaml  | 14 ++++
 .../overlays/elenchos/kustomization.yaml      | 10 +++
 ...gress-controller-cluster-role-binding.yaml | 12 +++
 ...aefik-ingress-controller-cluster-role.yaml | 24 ++++++
 ...traefik-ingress-controller-deployment.yaml | 37 +++++++++
 ...ik-ingress-controller-service-account.yaml |  5 ++
 .../elenchos/traefik-ingress-service.yaml     | 13 ++++
 .../overlays/elenchos/traefik-ingress.yaml    | 14 ++++
 requirements.txt                              |  4 +-
 setup.py                                      |  4 +-
 track/config.py                               |  4 +-
 track/helpers.py                              |  5 ++
 track/static/css/main.css                     |  7 ++
 track/static/css/main.css.map                 |  2 +-
 track/static/js/dataTables.downloads.js       |  4 +-
 track/static/js/https/domains.js              | 14 ++--
 track/static/js/https/donuts.js               | 75 +++++++++++++++++++
 track/static/js/https/organizations.js        |  4 +-
 track/static/js/tables.js                     |  4 +
 track/static/scss/base/_base.scss             |  8 ++
 track/templates/en/domains.html               |  2 +-
 track/templates/en/guidance.html              | 26 ++++---
 track/templates/en/help.html                  |  2 +-
 track/templates/en/index.html                 | 47 ++++++------
 track/templates/en/layout-en.html             | 26 ++++---
 track/templates/en/organizations.html         |  2 +-
 track/templates/fr/domains.html               |  2 +-
 track/templates/fr/guidance.html              | 36 +++++----
 track/templates/fr/help.html                  |  2 +-
 track/templates/fr/index.html                 | 13 ++--
 track/templates/fr/layout-fr.html             | 28 ++++---
 track/templates/fr/organizations.html         |  2 +-
 track/templates/includes/en/beta-bar.html     | 20 ++++-
 track/templates/includes/en/footer.html       |  4 +-
 track/templates/includes/en/modal.html        |  2 +-
 track/templates/includes/fr/beta-bar.html     | 19 ++++-
 track/templates/includes/fr/footer.html       |  4 +-
 track/templates/includes/fr/modal.html        |  2 +-
 track/templates/includes/head.html            | 23 ++++--
 47 files changed, 493 insertions(+), 137 deletions(-)
 create mode 100644 .github/main.workflow
 delete mode 100644 Dockerfile.build
 create mode 100644 deploy/build-env-public.sh
 delete mode 100644 docker-compose.yml
 create mode 100644 elenchos.json
 create mode 100644 manifests/overlays/elenchos/app-deployment.yaml
 create mode 100644 manifests/overlays/elenchos/app-service.yaml
 create mode 100644 manifests/overlays/elenchos/kustomization.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress-controller-cluster-role-binding.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress-controller-cluster-role.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress-controller-deployment.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress-controller-service-account.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress-service.yaml
 create mode 100644 manifests/overlays/elenchos/traefik-ingress.yaml
 create mode 100644 track/static/js/https/donuts.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 91d3e30..f21303b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -47,7 +47,7 @@ jobs:
               docker push "${DOCKER_REGISTRY}/${DOCKER_NAMESPACE}/${CIRCLE_PROJECT_REPONAME}:latest"
           name: "Build and Deploy Website Docker Image"
     working_directory: ~/repo
-  build_package:
+  build_internal_package:
     docker:
       - image: cdssnc/track-web-build:0.1.0
     working_directory: /opt/apps/track-web
@@ -58,12 +58,25 @@ jobs:
       - store_artifacts:
           path: /opt/apps/track-web/track-web.tar.gz
           destination: track-web.tar.gz
-          
+  build_external_package:
+    docker:
+      - image: cdssnc/track-web-build:0.1.0
+    working_directory: /opt/apps/track-web-public
+    steps:
+      - checkout
+      - run:
+          command: sh deploy/build-env-public.sh
+      - store_artifacts:
+          path: /opt/apps/track-web-public/track-web-public.tar.gz
+          destination: track-web-public.tar.gz
 workflows:
   version: 2
   tracker:
     jobs:
       - track_web
-      - build_package:
+      - build_internal_package:
+         requires:
+            - track_web
+      - build_external_package:
          requires:
             - track_web
diff --git a/.github/main.workflow b/.github/main.workflow
new file mode 100644
index 0000000..3d19908
--- /dev/null
+++ b/.github/main.workflow
@@ -0,0 +1,11 @@
+workflow "CI" {
+  on = "push"
+  resolves = [
+    "Dockerfile lint"
+  ]
+}
+
+action "Dockerfile lint" {
+  uses = "docker://cdssnc/docker-lint"
+  args = "--ignore DL3013"
+}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7ae0629..7d3c4e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,19 @@
-MAINTAINER David Buckley <david.buckley@cds-snc.ca>
+FROM python:3.5 as python-base
 LABEL Description="Track Web Security Compliance" Vendor="Canadian Digital Service"
 
-FROM python:3.5 as python-base
 COPY requirements.txt /opt/track-web/requirements.txt
 COPY setup.py /opt/track-web/setup.py 
 COPY track /opt/track-web/track
 COPY MANIFEST.in /opt/track-web/MANIFEST.in
 
-# Build wheels to install into production image
-# Force a build with --no-binary to get around the case where a wheel is available for python:3.5 but not python:3.5-alpine
 RUN pip install --upgrade pip && mkdir wheels && pip wheel --no-binary :all: -r /opt/track-web/requirements.txt -w wheels && pip wheel --no-deps /opt/track-web/ -w wheels
-
-FROM python:3.5-alpine
-MAINTAINER David Buckley <david.buckley@cds-snc.ca>
-LABEL Description="Track Digital Security Compliance" Vendor="Canadian Digital Service"
- 
-COPY --from=python-base /wheels /wheels
  
 RUN pip install /wheels/* && rm -rf /wheels /root/.cache/pip && \
-    addgroup -S track-web && adduser -S -G track-web track-web && \
+    addgroup --system track-web && adduser --system --group track-web && \
     mkdir -p /opt/track-web/.cache && \
     chown -R track-web /opt/track-web
+    
 USER track-web:track-web
  
 EXPOSE 5000
-ENTRYPOINT ["gunicorn", "track.wsgi:app", "--bind=0.0.0.0:5000", "--worker-class=gthread", "--access-logfile=-", "--error-logfile=-", "--capture-output"]
+ENTRYPOINT ["gunicorn", "track.wsgi:app", "--bind=0.0.0.0:5000", "--worker-class=sync", "--access-logfile=-", "--error-logfile=-", "--log-level=debug", "--workers=4"]
diff --git a/Dockerfile.build b/Dockerfile.build
deleted file mode 100644
index e018b8c..0000000
--- a/Dockerfile.build
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM ubuntu:16.04
-
-COPY deploy/provision.sh /opt/provision.sh
-RUN sh /opt/provision.sh
-
-COPY deploy/build-env.sh /opt/build-env.sh
-CMD ["sh", "/opt/build-env.sh", "/opt/apps/track-web"]
diff --git a/deploy/build-env-public.sh b/deploy/build-env-public.sh
new file mode 100644
index 0000000..deabfb1
--- /dev/null
+++ b/deploy/build-env-public.sh
@@ -0,0 +1,9 @@
+WORKDIR=${1:-"/opt/apps/track-web-public"}
+mkdir -p $WORKDIR
+cd $WORKDIR
+python3 -m venv .venv
+. .venv/bin/activate
+pip install --upgrade pip
+pip install -r requirements.txt
+tar -czvf track-web-public.tar.gz .venv track
+rm -rf .venv
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 37fe88e..0000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: '3'
-services:
-    build-env:
-        build:
-            context: .
-            dockerfile: Dockerfile.build
-        volumes:
-         - .:/opt/apps/track-web/
diff --git a/elenchos.json b/elenchos.json
new file mode 100644
index 0000000..11657f1
--- /dev/null
+++ b/elenchos.json
@@ -0,0 +1,6 @@
+{
+    "dockerfiles": {
+      "grc.io/cdssnc/track-web": "."
+    },
+    "overlay": "manifests/overlays/elenchos"
+  }
\ No newline at end of file
diff --git a/manifests/overlays/elenchos/app-deployment.yaml b/manifests/overlays/elenchos/app-deployment.yaml
new file mode 100644
index 0000000..2a19064
--- /dev/null
+++ b/manifests/overlays/elenchos/app-deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: track-web
+  name: track-web
+spec:
+  selector:
+    matchLabels:
+      app: track-web
+  template:
+    metadata:
+      labels:
+        app: track-web
+    spec:
+      containers:
+        - image: gcr.io/cdssnc/track-web
+          imagePullPolicy: Always
+          name: track-web
+          env:
+            - name: TRACKER_MONGO_URI
+              value: mongodb://track-ro:0D^GEPgF52d&2S@ds113692.mlab.com:13692/trackweb
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+status: {}
\ No newline at end of file
diff --git a/manifests/overlays/elenchos/app-service.yaml b/manifests/overlays/elenchos/app-service.yaml
new file mode 100644
index 0000000..06ad9d5
--- /dev/null
+++ b/manifests/overlays/elenchos/app-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: track-web 
+  name: track-web 
+spec:
+  type: NodePort
+  ports:
+    - port: 5000
+      targetPort: 5000
+  selector:
+    app: track-web 
+
diff --git a/manifests/overlays/elenchos/kustomization.yaml b/manifests/overlays/elenchos/kustomization.yaml
new file mode 100644
index 0000000..20d5731
--- /dev/null
+++ b/manifests/overlays/elenchos/kustomization.yaml
@@ -0,0 +1,10 @@
+resources:
+  - app-deployment.yaml
+  - app-service.yaml
+  - traefik-ingress-controller-cluster-role-binding.yaml
+  - traefik-ingress-controller-cluster-role.yaml
+  - traefik-ingress-controller-deployment.yaml
+  - traefik-ingress-controller-service-account.yaml
+  - traefik-ingress.yaml
+  - traefik-ingress-service.yaml
+
diff --git a/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role-binding.yaml b/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role-binding.yaml
new file mode 100644
index 0000000..b1ca54f
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: traefik-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: traefik-ingress-controller
+    namespace: kube-system
diff --git a/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role.yaml b/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role.yaml
new file mode 100644
index 0000000..76ab251
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress-controller-cluster-role.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: traefik-ingress-controller
+  namespace: kube-system
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
diff --git a/manifests/overlays/elenchos/traefik-ingress-controller-deployment.yaml b/manifests/overlays/elenchos/traefik-ingress-controller-deployment.yaml
new file mode 100644
index 0000000..bb596cf
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress-controller-deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: traefik-ingress-lb
+  name: traefik-ingress-controller
+  namespace: kube-system
+spec:
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+    spec:
+      containers:
+        - args:
+            - --api
+            - --kubernetes
+            - --debug
+            - --defaultentrypoints=http
+            - --entrypoints=Name:http Address::80
+          image: traefik:1.7
+          name: traefik-ingress-lb
+          ports:
+            - containerPort: 80
+              hostPort: 80
+              name: http
+            - containerPort: 8080
+              hostPort: 8080
+              name: admin
+          securityContext:
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - ALL
+      serviceAccountName: traefik-ingress-controller
+      terminationGracePeriodSeconds: 60
diff --git a/manifests/overlays/elenchos/traefik-ingress-controller-service-account.yaml b/manifests/overlays/elenchos/traefik-ingress-controller-service-account.yaml
new file mode 100644
index 0000000..3472662
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress-controller-service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: traefik-ingress-controller
+  namespace: kube-system
diff --git a/manifests/overlays/elenchos/traefik-ingress-service.yaml b/manifests/overlays/elenchos/traefik-ingress-service.yaml
new file mode 100644
index 0000000..f689654
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-ingress-service
+  namespace: kube-system
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+  selector:
+    k8s-app: traefik-ingress-lb
+  type: LoadBalancer
\ No newline at end of file
diff --git a/manifests/overlays/elenchos/traefik-ingress.yaml b/manifests/overlays/elenchos/traefik-ingress.yaml
new file mode 100644
index 0000000..21bf986
--- /dev/null
+++ b/manifests/overlays/elenchos/traefik-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik
+  name: traefik-ingress
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /
+            backend:
+              serviceName: track-web
+              servicePort: 5000
diff --git a/requirements.txt b/requirements.txt
index 1ae0ad5..c8edf97 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,11 +2,11 @@ flask==0.12.4
 gunicorn==19.6.0
 pyyaml==3.13
 python-slugify==1.2.1
-Flask-PyMongo==0.5.1
+Flask-PyMongo==2.2.0
 flask-compress==1.4.0
 click==6.7
 Babel==2.6.0
 Flask-Caching==1.4.0
-pymongo==3.7.0
+pymongo==3.7.2
 azure-keyvault==1.1.0
 msrestazure==0.5.1
diff --git a/setup.py b/setup.py
index 9f8ffb4..f71dcf5 100644
--- a/setup.py
+++ b/setup.py
@@ -22,8 +22,8 @@
         'gunicorn==19.6.0',
         'pyyaml==3.13',
         'python-slugify==1.2.1',
-        'pymongo==3.7.0',
-        'Flask-PyMongo==0.5.1',
+        'pymongo==3.7.2',
+        'Flask-PyMongo==2.2.0',
         'flask-compress==1.4.0',
         'click==6.7',
         'Babel==2.6.0',
diff --git a/track/config.py b/track/config.py
index d9c3aa6..f99ddff 100644
--- a/track/config.py
+++ b/track/config.py
@@ -13,13 +13,15 @@
 class Config:
     DEBUG = False
     TESTING = False
-    MONGO_URI = "mongodb://localhost:27017/track"
+    MONGO_URI = os.environ.get("TRACKER_MONGO_URI", "mongodb://localhost:27017/track")
     CACHE_TYPE = "null"
 
     @staticmethod
     def init_app(app):
         pass
 
+
+
 class ProductionConfig(Config):
 
     CACHE_TYPE = "filesystem"
diff --git a/track/helpers.py b/track/helpers.py
index cc11b89..e76daab 100644
--- a/track/helpers.py
+++ b/track/helpers.py
@@ -1,6 +1,7 @@
 import pkg_resources
 import yaml
 import datetime
+import os
 from track import models
 from track.data import FIELD_MAPPING
 from babel.dates import format_date
@@ -56,3 +57,7 @@ def percent(num, denom):
     @app.template_filter("percent_not")
     def percent_not(num, denom):
         return (100 - round((num / denom) * 100))
+
+    @app.template_filter("fetch_env")
+    def fetch_env(value):
+        return os.getenv(value)
diff --git a/track/static/css/main.css b/track/static/css/main.css
index 6f9a310..5777d6f 100644
--- a/track/static/css/main.css
+++ b/track/static/css/main.css
@@ -46,6 +46,13 @@ th {
 .beta-badge {
   background-color: #22A7F0; }
 
+li a.myskip {
+  color: #3D4852; }
+
+li a.myskip:focus {
+  color: white;
+  text-decoration: none; }
+
 table caption {
   left: -10000px;
   height: 1px;
diff --git a/track/static/css/main.css.map b/track/static/css/main.css.map
index 4e662fe..e4bbdce 100644
--- a/track/static/css/main.css.map
+++ b/track/static/css/main.css.map
@@ -1,6 +1,6 @@
 {
 "version": 3,
-"mappings": "AACE,CAAE;ECQI,kBAAoB,EDPJ,UAAU;ECY1B,eAAiB,EDZD,UAAU;EC2B1B,UAAY,ED3BI,UAAU;;AEFlC,KAAM;EDSE,6BAAoB,EAAE,sBAAM;EAK5B,0BAAiB,EAAE,sBAAM;EAKzB,yBAAgB,EAAE,sBAAM;EAUxB,qBAAY,EAAE,sBAAM;EC3B1B,eAAe,EAAE,QAAQ;EACzB,MAAM,EAAE,QAAgB;EACxB,YAAY,EAAE,KAAK;EACnB,KAAK,EAAE,IAAI;;AAGb,EAAG;EACD,aAAa,EAAE,iBAAyC;EACxD,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,QAAgB;EACzB,UAAU,EAAE,IAAI;;AAGlB,EAAG;EACD,aAAa,ECaD,iBAA4B;EDZxC,OAAO,EAAE,QAAgB;;AAG3B;;EAEG;EACD,cAAc,EAAE,MAAM;;AEpBxB,WAAY;EACX,UAAU,EAAE,eAAe;EAC3B,YAAY,EAAE,kBAAkB;EAChC,gBAAgB,EAAE,kBAAkB;;AAGrC,MAAO;EACN,gBAAgB,EAAE,KAAU;EACzB,gBAAgB,EAAE,kBAAe;;AAGrC,cAAe;EACd,MAAM,EAAE,GAAG;;AAGZ,WAAY;EACX,QAAQ,EAAE,MAAM;;AAGjB,WAAY;EACX,gBAAgB,EAAE,OAAO;;ACpB1B,aAAc;EACZ,IAAI,EAAE,QAAQ;EACd,MAAM,EAAE,GAAG;EACX,QAAQ,EAAE,MAAM;EAChB,QAAQ,EAAE,QAAQ;EAClB,GAAG,EAAE,IAAI;EACT,KAAK,EAAE,GAAG;;AAGZ,WAAY;EACV,cAAc,EAAE,SAAS;EACzB,UAAU,EAAE,SAAS;EACrB,UAAU,EAAE,UAAU;;AAItB,gBAAM;EACJ,WAAW,EAAE,iBAAiB;EAC9B,cAAc,EAAE,iBAAiB;;AAIrC,QAAS;EACP,aAAa,EAAE,cAAc;EAAE,UAAU;EACzC,iBAAiB,EAAE,cAAc;EAAE,YAAY;EAC/C,SAAS,EAAE,cAAc;;AAG3B,mBAAoB;EAClB,OAAO,EAAE,WAAW;EAEpB,sCAAmB;IACjB,SAAS,EAAE,KAAK;IAChB,WAAW,EAAE,GAAG;IAChB,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE,IAAI;IAElB,wCAAE;MACA,eAAe,EAAE,SAAS;MAC1B,MAAM,EAAE,OAAO;IAGjB,sGAAyB;MACvB,eAAe,EAAE,IAAI;MACrB,KAAK,EAAE,gBAAgB;IAGzB,6CAAO;MACL,MAAM,EAAE,IAAI;MACZ,OAAO,EAAE,YAAY;MACrB,KAAK,EAAE,KAAK;MACZ,KAAK,EAAE,IAAI;MACX,aAAa,EAAE,GAAG;MAClB,OAAO,EAAE,KAAK;MACd,MAAM,EAAE,KAAK;MACb,MAAM,EAAE,IAAI;MACZ,kBAAkB,EAAE,IAAI;MACxB,eAAe,EAAE,IAAI;MACrB,UAAU,EAAE,IAAI;MAChB,MAAM,EAAE,OAAO;MACf,UAAU,EAAE,8DAAqE;MACjF,yDAAc;QACZ,OAAO,EAAE,IAAI;EAKnB,mCAAgB;IACd,OAAO,EAAE,MAAM;IAGf,4CAAS;MACP,KAAK,ECpDM,OAAO;IDwDpB,4CAAS;MACP,KAAK,ECxDA,OAAO;ID4Dd,4CAAS;MACP,YAAY,EAAE,IAAI;MAClB,WAAW,EAAE,IAAI;IAInB,qCAAE;MACA,eAAe,EAAE,SAAS;MAC1B,KAAK,EAAE,kBAAkB;IAG3B,2CAAQ;MACN,KAAK,EAAE,gBAAgB;IAGzB,6CAAU;MACR,eAAe,EAAE,eAAe;MAChC,KAAK,EAAE,gBAAgB;IAGzB,8EAAO;MACL,aAAa,EAAE,yBAAyB;MACxC,OAAO,EAAE,cAAc;MACvB,WAAW,EAAE,MAAM;IAGrB,4CAAS;MACP,OAAO,EAAE,yBAAyB;IAGpC,gDAAa;MACX,WAAW,EAAE,eAAe;MAC5B,YAAY,EAAE,eAAe;MAC7B,gBAAgB,EAAE,OAAO;IAIzB,sSAAqF;MACnF,mBAAmB,EAAE,WAAW;IAIpC,6CAAY;MACV,MAAM,EAAE,IAAI;IAGd;2DACoB;MAClB,WAAW,EAAE,MAAM;IAInB,8EAAsB;MACpB,GAAG,EAAE,GAAG;MACR,gBAAgB,EAAE,OAAyB;IAE7C,8EAAsB;MACpB,GAAG,EAAE,GAAG;MACR,gBAAgB,EAAE,OAAyB;IAO3C,+DAAS;MACP,WAAW,EAAE,GAAG;IAGlB,4DAAM;MACJ,aAAa,EAAE,IAAI;MACnB,OAAO,EAAE,SAAS;IAEpB,qEAAe;MACb,SAAS,EAAE,GAAG;IASZ,mEAAG;MAAE,aAAa,EAAE,eAAe;IAErC,+DAAQ;MACN,gBAAgB,EAAE,OAAO;MACzB,MAAM,EAAE,OAAO;MACf,wEAAQ;QACN,gBAAgB,EAAE,OAAO;IAO3B,mFAAc;MAAC,eAAe,EAAE,SAAS;IAK3C,sEAAQ;MACN,YAAY,EAAE,IAAI;IAQxB,mDAAG;MACD,OAAO,EAAE,2BAA2B;MEnKxC,qCAAsB;QFkKpB,mDAAG;UAIC,YAAY,EAAE,eAAe;UAC7B,sEAAqB;YAAE,GAAG,EAAE,eAAe;MEvKjD,oCAAsB;QF0KhB,sEAAqB;UAAE,GAAG,EAAE,eAAe;IAM/C,8IAAyB;MACvB,gBAAgB,EAAE,OAAO;MACzB,aAAa,EAAE,IAAI;MAEnB,KAAK,EAAE,GAAG;MACV,QAAQ,EAAE,QAAQ;MAClB,IAAI,EAAE,IAAI;MAEV,gKAAS;QJ/MT,kBAAoB,EIgNE,UAAU;QJ3MhC,eAAiB,EI2MK,UAAU;QJ5LhC,UAAY,EI4LU,UAAU;QAC9B,gBAAgB,EAAE,OAAO;QACzB,iBAAiB,EAAE,QAAQ;QAC3B,eAAe,EAAE,SAAS;QAC1B,aAAa,EAAE,aAAa;QAC5B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,GAAG;QACV,kLAAW;UACT,aAAa,EAAE,IAAI;QAGnB,8KAAa;UAAE,gBAAgB,EAAE,WAAW;QAA5C,8KAAa;UAAE,gBAAgB,EAAE,WAAW;QAA5C,8KAAa;UAAE,gBAAgB,EAAE,WAAW;MAIhD,kJAAE;QACA,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,QAAQ;QAClB,GAAG,EAAE,GAAG;QACR,IAAI,EAAE,KAAK;EAKnB,oCAAiB;IACf,WAAW,EAAE,cAAc;EAG3B,0DAAkB;IAChB,OAAO,EAAE,kBAAkB;IAC3B,SAAS,EAAE,OAAO;IAClB,MAAM,EAAE,eAAe;IACvB,kEAAU;MACR,UAAU,EAAE,kBAAkB;MAC9B,KAAK,EAAE,gBAAgB;MACvB,wEAAQ;QACN,KAAK,EAAE,gBAAgB;IAG3B,kIAAiB;MACf,UAAU,EAAE,kBAAkB;MAC9B,KAAK,EAAE,gBAAgB;IAGvB,oJAAiB;MACf,UAAU,EAAE,sBAAsB;;AGrQ5C,aAAa;EAEX,UAAU,EAAE,OAAO;EACnB,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,MAAM;EACf,0BAA0B,EAAE,KAAK;ECMjC,QAAQ,EDJU,KAAK;ECOrB,GAAG,EARC,CAAoB;EAYxB,KAAK,EAXC,IAAoB;EAe1B,MAAM,EAdC,CAAoB;EAkB3B,IAAI,EAjBC,CAAoB;ECHzB,MAAM,EAJG,IAAa;EAQtB,KAAK,EAXC,KAAO;ETOT,iBAAoB,EAAE,kBAAM;EAK5B,cAAiB,EAAE,kBAAM;EAKzB,aAAgB,EAAE,kBAAM;EAKxB,YAAe,EAAE,kBAAM;EAKvB,SAAY,EAAE,kBAAM;EApBpB,kBAAoB,EAAE,gBAAM;EAK5B,eAAiB,EAAE,gBAAM;EAezB,UAAY,EAAE,gBAAM;EOd1B,wBAAa;IPNP,iBAAoB,EAAE,aAAM;IAK5B,cAAiB,EAAE,aAAM;IAKzB,aAAgB,EAAE,aAAM;IAKxB,YAAe,EAAE,aAAM;IAKvB,SAAY,EAAE,aAAM",
+"mappings": "AACE,CAAE;ECQI,kBAAoB,EDPJ,UAAU;ECY1B,eAAiB,EDZD,UAAU;EC2B1B,UAAY,ED3BI,UAAU;;AEFlC,KAAM;EDSE,6BAAoB,EAAE,sBAAM;EAK5B,0BAAiB,EAAE,sBAAM;EAKzB,yBAAgB,EAAE,sBAAM;EAUxB,qBAAY,EAAE,sBAAM;EC3B1B,eAAe,EAAE,QAAQ;EACzB,MAAM,EAAE,QAAgB;EACxB,YAAY,EAAE,KAAK;EACnB,KAAK,EAAE,IAAI;;AAGb,EAAG;EACD,aAAa,EAAE,iBAAyC;EACxD,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,QAAgB;EACzB,UAAU,EAAE,IAAI;;AAGlB,EAAG;EACD,aAAa,ECaD,iBAA4B;EDZxC,OAAO,EAAE,QAAgB;;AAG3B;;EAEG;EACD,cAAc,EAAE,MAAM;;AEpBxB,WAAY;EACX,UAAU,EAAE,eAAe;EAC3B,YAAY,EAAE,kBAAkB;EAChC,gBAAgB,EAAE,kBAAkB;;AAGrC,MAAO;EACN,gBAAgB,EAAE,KAAU;EACzB,gBAAgB,EAAE,kBAAe;;AAGrC,cAAe;EACd,MAAM,EAAE,GAAG;;AAGZ,WAAY;EACX,QAAQ,EAAE,MAAM;;AAGjB,WAAY;EACX,gBAAgB,EAAE,OAAO;;AAG1B,WAAY;EACT,KAAK,EDTI,OAAO;;ACWnB,iBAAkB;EACd,KAAK,EAAC,KAAK;EACX,eAAe,EAAC,IAAI;;AC5BxB,aAAc;EACZ,IAAI,EAAE,QAAQ;EACd,MAAM,EAAE,GAAG;EACX,QAAQ,EAAE,MAAM;EAChB,QAAQ,EAAE,QAAQ;EAClB,GAAG,EAAE,IAAI;EACT,KAAK,EAAE,GAAG;;AAGZ,WAAY;EACV,cAAc,EAAE,SAAS;EACzB,UAAU,EAAE,SAAS;EACrB,UAAU,EAAE,UAAU;;AAItB,gBAAM;EACJ,WAAW,EAAE,iBAAiB;EAC9B,cAAc,EAAE,iBAAiB;;AAIrC,QAAS;EACP,aAAa,EAAE,cAAc;EAAE,UAAU;EACzC,iBAAiB,EAAE,cAAc;EAAE,YAAY;EAC/C,SAAS,EAAE,cAAc;;AAG3B,mBAAoB;EAClB,OAAO,EAAE,WAAW;EAEpB,sCAAmB;IACjB,SAAS,EAAE,KAAK;IAChB,WAAW,EAAE,GAAG;IAChB,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE,IAAI;IAElB,wCAAE;MACA,eAAe,EAAE,SAAS;MAC1B,MAAM,EAAE,OAAO;IAGjB,sGAAyB;MACvB,eAAe,EAAE,IAAI;MACrB,KAAK,EAAE,gBAAgB;IAGzB,6CAAO;MACL,MAAM,EAAE,IAAI;MACZ,OAAO,EAAE,YAAY;MACrB,KAAK,EAAE,KAAK;MACZ,KAAK,EAAE,IAAI;MACX,aAAa,EAAE,GAAG;MAClB,OAAO,EAAE,KAAK;MACd,MAAM,EAAE,KAAK;MACb,MAAM,EAAE,IAAI;MACZ,kBAAkB,EAAE,IAAI;MACxB,eAAe,EAAE,IAAI;MACrB,UAAU,EAAE,IAAI;MAChB,MAAM,EAAE,OAAO;MACf,UAAU,EAAE,8DAAqE;MACjF,yDAAc;QACZ,OAAO,EAAE,IAAI;EAKnB,mCAAgB;IACd,OAAO,EAAE,MAAM;IAGf,4CAAS;MACP,KAAK,ECpDM,OAAO;IDwDpB,4CAAS;MACP,KAAK,ECxDA,OAAO;ID4Dd,4CAAS;MACP,YAAY,EAAE,IAAI;MAClB,WAAW,EAAE,IAAI;IAInB,qCAAE;MACA,eAAe,EAAE,SAAS;MAC1B,KAAK,EAAE,kBAAkB;IAG3B,2CAAQ;MACN,KAAK,EAAE,gBAAgB;IAGzB,6CAAU;MACR,eAAe,EAAE,eAAe;MAChC,KAAK,EAAE,gBAAgB;IAGzB,8EAAO;MACL,aAAa,EAAE,yBAAyB;MACxC,OAAO,EAAE,cAAc;MACvB,WAAW,EAAE,MAAM;IAGrB,4CAAS;MACP,OAAO,EAAE,yBAAyB;IAGpC,gDAAa;MACX,WAAW,EAAE,eAAe;MAC5B,YAAY,EAAE,eAAe;MAC7B,gBAAgB,EAAE,OAAO;IAIzB,sSAAqF;MACnF,mBAAmB,EAAE,WAAW;IAIpC,6CAAY;MACV,MAAM,EAAE,IAAI;IAGd;2DACoB;MAClB,WAAW,EAAE,MAAM;IAInB,8EAAsB;MACpB,GAAG,EAAE,GAAG;MACR,gBAAgB,EAAE,OAAyB;IAE7C,8EAAsB;MACpB,GAAG,EAAE,GAAG;MACR,gBAAgB,EAAE,OAAyB;IAO3C,+DAAS;MACP,WAAW,EAAE,GAAG;IAGlB,4DAAM;MACJ,aAAa,EAAE,IAAI;MACnB,OAAO,EAAE,SAAS;IAEpB,qEAAe;MACb,SAAS,EAAE,GAAG;IASZ,mEAAG;MAAE,aAAa,EAAE,eAAe;IAErC,+DAAQ;MACN,gBAAgB,EAAE,OAAO;MACzB,MAAM,EAAE,OAAO;MACf,wEAAQ;QACN,gBAAgB,EAAE,OAAO;IAO3B,mFAAc;MAAC,eAAe,EAAE,SAAS;IAK3C,sEAAQ;MACN,YAAY,EAAE,IAAI;IAQxB,mDAAG;MACD,OAAO,EAAE,2BAA2B;MEnKxC,qCAAsB;QFkKpB,mDAAG;UAIC,YAAY,EAAE,eAAe;UAC7B,sEAAqB;YAAE,GAAG,EAAE,eAAe;MEvKjD,oCAAsB;QF0KhB,sEAAqB;UAAE,GAAG,EAAE,eAAe;IAM/C,8IAAyB;MACvB,gBAAgB,EAAE,OAAO;MACzB,aAAa,EAAE,IAAI;MAEnB,KAAK,EAAE,GAAG;MACV,QAAQ,EAAE,QAAQ;MAClB,IAAI,EAAE,IAAI;MAEV,gKAAS;QJ/MT,kBAAoB,EIgNE,UAAU;QJ3MhC,eAAiB,EI2MK,UAAU;QJ5LhC,UAAY,EI4LU,UAAU;QAC9B,gBAAgB,EAAE,OAAO;QACzB,iBAAiB,EAAE,QAAQ;QAC3B,eAAe,EAAE,SAAS;QAC1B,aAAa,EAAE,aAAa;QAC5B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,GAAG;QACV,kLAAW;UACT,aAAa,EAAE,IAAI;QAGnB,8KAAa;UAAE,gBAAgB,EAAE,WAAW;QAA5C,8KAAa;UAAE,gBAAgB,EAAE,WAAW;QAA5C,8KAAa;UAAE,gBAAgB,EAAE,WAAW;MAIhD,kJAAE;QACA,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,QAAQ;QAClB,GAAG,EAAE,GAAG;QACR,IAAI,EAAE,KAAK;EAKnB,oCAAiB;IACf,WAAW,EAAE,cAAc;EAG3B,0DAAkB;IAChB,OAAO,EAAE,kBAAkB;IAC3B,SAAS,EAAE,OAAO;IAClB,MAAM,EAAE,eAAe;IACvB,kEAAU;MACR,UAAU,EAAE,kBAAkB;MAC9B,KAAK,EAAE,gBAAgB;MACvB,wEAAQ;QACN,KAAK,EAAE,gBAAgB;IAG3B,kIAAiB;MACf,UAAU,EAAE,kBAAkB;MAC9B,KAAK,EAAE,gBAAgB;IAGvB,oJAAiB;MACf,UAAU,EAAE,sBAAsB;;AGrQ5C,aAAa;EAEX,UAAU,EAAE,OAAO;EACnB,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,MAAM;EACf,0BAA0B,EAAE,KAAK;ECMjC,QAAQ,EDJU,KAAK;ECOrB,GAAG,EARC,CAAoB;EAYxB,KAAK,EAXC,IAAoB;EAe1B,MAAM,EAdC,CAAoB;EAkB3B,IAAI,EAjBC,CAAoB;ECHzB,MAAM,EAJG,IAAa;EAQtB,KAAK,EAXC,KAAO;ETOT,iBAAoB,EAAE,kBAAM;EAK5B,cAAiB,EAAE,kBAAM;EAKzB,aAAgB,EAAE,kBAAM;EAKxB,YAAe,EAAE,kBAAM;EAKvB,SAAY,EAAE,kBAAM;EApBpB,kBAAoB,EAAE,gBAAM;EAK5B,eAAiB,EAAE,gBAAM;EAezB,UAAY,EAAE,gBAAM;EOd1B,wBAAa;IPNP,iBAAoB,EAAE,aAAM;IAK5B,cAAiB,EAAE,aAAM;IAKzB,aAAgB,EAAE,aAAM;IAKxB,YAAe,EAAE,aAAM;IAKvB,SAAY,EAAE,aAAM",
 "sources": ["../scss/lib/neat/grid/_grid.scss","../scss/lib/bourbon/addons/_prefixer.scss","../scss/base/_tables.scss","../scss/base/_variables.scss","../scss/base/_base.scss","../scss/includes/datatables.scss","../scss/main.scss","../scss/lib/neat/grid/_media.scss","../scss/includes/header.scss","../scss/lib/bourbon/addons/_position.scss","../scss/lib/bourbon/addons/_size.scss"],
 "names": [],
 "file": "main.css"
diff --git a/track/static/js/dataTables.downloads.js b/track/static/js/dataTables.downloads.js
index 4b8585e..ea1475b 100644
--- a/track/static/js/dataTables.downloads.js
+++ b/track/static/js/dataTables.downloads.js
@@ -36,9 +36,7 @@ $.fn.dataTable.Download = function ( inst ) {
     if (drawnOnce) return;
 
     var elem = "" +
-      "<a onClick=\"gtag('event', 'download', { event_category: 'Download / Télécharger', event_action: 'Download / Télécharger CSV'});\" class=\"text-https-blue hover:text-black font-bold\" href=\"" + csv + "\" download>" +
-        text +
-      "</a>";
+      "<a class=\"text-https-blue hover:text-black font-bold\" href=\"" + csv + "\" download>" + text +"</a>";
 
     container.html(elem);
     drawnOnce = true;
diff --git a/track/static/js/https/domains.js b/track/static/js/https/domains.js
index cafea27..dafa79e 100755
--- a/track/static/js/https/domains.js
+++ b/track/static/js/https/domains.js
@@ -287,16 +287,16 @@ $(function () {
     // determines whether remote fetching has to happen
     var fetch = !(loneDomain(row));
 
-    return n(row.domain) + "<div class=\"mt-2\">" + l("", "#", showHideText(true, row), "onclick=\"return false\" data-fetch=\"" + fetch + "\" data-domain=\"" + row.domain + "\"") + "</div>";
+    return n(row.domain) + "<div class=\"mt-2\">" + l("", "#", showHideText(true, row), "data-fetch=\"" + fetch + "\" data-domain=\"" + row.domain + "\"") + "</div>";
   };
 
   var showHideText = function(show, row) {
     if (loneDomain(row))
-      return (show ? "<img src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + text.show[language] : "<img src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + text.hide[language]) + " " + text.details[language];
+      return (show ? "<img alt='' src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + text.show[language] : "<img alt='' src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + text.hide[language]) + " " + text.details[language];
     else if(row.totals.https.eligible == 1)
-      return (show ? "<img src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + {en: "Show", fr: "Montrer le"}[language] : "<img src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + {en: "Hide", fr: "Cacher le"}[language]) + " " + {en: "1", fr:""}[language] + text.subdomain[language];
+      return (show ? "<img alt='' src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + {en: "Show", fr: "Montrer le"}[language] : "<img alt='' src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + {en: "Hide", fr: "Cacher le"}[language]) + " " + {en: "1", fr:""}[language] + text.subdomain[language];
     else
-      return (show ? "<img src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + text.show[language] : "<img src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + text.hide[language]) + " " + row.totals.https.eligible + text.subdomains[language];
+      return (show ? "<img alt='' src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"rotated pb-1 mr-1 h-2\">" + text.show[language] : "<img  alt=''src=\"/static/images/arrow.png\" class=\"mr-2 h-2\">" + text.hide[language]) + " " + row.totals.https.eligible + text.subdomains[language];
   };
 
   var initExpansions = function() {
@@ -321,7 +321,7 @@ $(function () {
 
         if (fetch) {
           console.log(text.fetch[language] + base_domain + "...");
-          link.addClass("loading").html("<img src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"mr-2 h-2\">" + text.loading[language] + base_domain + " services...");
+          link.addClass("loading").html("<img alt='' src=\"/static/images/arrow.png\" aria-hidden=\"true\" class=\"mr-2 h-2\">" + text.loading[language] + base_domain + " services...");
 
           $.ajax({
             url: "/data/hosts/" + base_domain + "/https.json",
@@ -369,9 +369,7 @@ $(function () {
   };
 
   var l = function(base_domain, href, text, extra) {
-    // if base domain is provided, CSV download, so track with gtag
-    if(base_domain != "") return "<a onClick=\"gtag('event', 'download', { event_category: 'Download / Télécharger', event_action: 'Download / Télécharger CSV " + base_domain + "'});\" href=\"" + href + "\" target=\"blank\" " + extra + ">" + text + "</a>";
-    
+
     return "<a href=\"" + href + "\" target=\"blank\" " + extra + ">" + text + "</a>";
   };
 
diff --git a/track/static/js/https/donuts.js b/track/static/js/https/donuts.js
new file mode 100644
index 0000000..b189e31
--- /dev/null
+++ b/track/static/js/https/donuts.js
@@ -0,0 +1,75 @@
+function generate_chart() {
+    var chart = d3.select('.compliant');
+    var width = chart.attr("data-width");
+    if (width == null)
+        width = calculate_width();
+    width = parseInt(width);
+    var height = width * 1.2;
+    var radius = Math.min(width, height) / 2;
+    var color = d3.scale.ordinal()
+        .range(["#0071e1", "#888888"]);
+    var arc = d3.svg.arc()
+        .outerRadius(radius)
+        .innerRadius(radius - 40);
+    var pie = d3.layout.pie()
+        .value(function (d) {
+        return d.value;
+    })
+        .sort(null);
+    chart = chart
+        .append('svg')
+        .attr("width", width)
+        .attr("height", height)
+        .append("g")
+        .attr("transform", "translate(" + (width / 2) + "," + (height / 2) + ")");
+    d3.json("/data/reports/https.json", function (error, data) {
+        // calculate % client-side
+        var compliant = Math.round((data.enforces / data.eligible) * 100);
+        // just abort and leave it blank if something's wrong
+        // (instead of showing "NaN%" visually)
+        if (isNaN(compliant))
+            return;
+        var pie_data = [
+            {status: 'active', value: compliant},
+            {status: 'inactive', value: (100-compliant)},
+        ]
+        var g = chart.selectAll(".arc")
+            .data(pie(pie_data))
+            .enter().append("g")
+            .attr("class", "arc");
+        g.append("path")
+            .style("fill", function(d) {
+            return color(d.data.status);
+        })
+            .transition().delay(function(d, i) {
+            return i *400;
+        }).duration(400)
+            .attrTween('d', function(d) {
+            var i = d3.interpolate(d.startAngle+ 0.1, d.endAngle);
+            return function(t) {
+                d.endAngle = i(t);
+                return arc(d);
+            }
+        });
+        g.append("text")
+            .attr("text-anchor", "middle")
+            .attr("class", "text-5xl font-bold")
+            .attr("dy", "0.4em")
+            .attr("fill", "black")
+            .text(function(d){
+                return "" + pie_data[0].value + "%";
+        });
+    });
+};
+
+function calculate_width() {
+    var window_width = $(window).width();
+
+    if(window_width < 769)
+        return 250;
+    else
+        return 287;
+}
+
+generate_chart();
+
diff --git a/track/static/js/https/organizations.js b/track/static/js/https/organizations.js
index 2b2ba63..5290df3 100644
--- a/track/static/js/https/organizations.js
+++ b/track/static/js/https/organizations.js
@@ -86,8 +86,8 @@ $(document).ready(function () {
 
     var link = function(link_text) {
       return "" +
-        "<a onClick=\"gtag('event', 'Search', { event_category: 'Search / Rechercher', event_action: 'Search / Rechercher " + row["name_" + language] + "'});\" href=\"/" + language + "/" + text.domains[language] + "/#" +
-          QueryString.stringify({q: row["name_" + language]}) + "\">" +
+        "<a aria-label=\""+data+"\" href=\"/" + language + "/" + text.domains[language] + "/#" +
+          QueryString.stringify({q: row["name_" + language]}) + "\" data-domain=\""+data+"\">" +
            link_text +
         "</a>";
     }
diff --git a/track/static/js/tables.js b/track/static/js/tables.js
index 325d9f7..1d69b55 100644
--- a/track/static/js/tables.js
+++ b/track/static/js/tables.js
@@ -8,6 +8,9 @@ var Tables = {
 
     // add common options to all renderTables requests
     if (!options.responsive) options.responsive = true;
+    
+    // Older browsers need this to load in an acceptable time frame. We may want to make it conditional in the future
+    if (!options.deferRender) options.deferRender = true;
 
     var customInit = function() {}; // noop
     if (options.initComplete) customInit = options.initComplete;
@@ -175,5 +178,6 @@ $(function() {
     $('#DataTables_Table_0_filter label').attr('class', 'w-full md:w-2/3');
     $('#datatables-search').attr('class', 'border border-solid border-https-dark-gray bg-https-light-gray focus:border-https-blue block md:inline-block h-8 md:ml-6 mb-4 md:mb-8 w-full md:w-3/5 lg:w-3/4');
     $('.dataTables_csv').attr('class', 'text-lg md:ml-4 mt-4 md:mt-6');
+
   });
 });
diff --git a/track/static/scss/base/_base.scss b/track/static/scss/base/_base.scss
index 3f7124f..84607c0 100644
--- a/track/static/scss/base/_base.scss
+++ b/track/static/scss/base/_base.scss
@@ -24,3 +24,11 @@
 	background-color: #22A7F0;
 }
 
+li a.myskip {
+   color:$dark-gray;
+}
+li a.myskip:focus {
+    color:white;
+    text-decoration:none;
+}
+
diff --git a/track/templates/en/domains.html b/track/templates/en/domains.html
index 4b3af77..7e2af80 100644
--- a/track/templates/en/domains.html
+++ b/track/templates/en/domains.html
@@ -9,7 +9,7 @@
 
 {% include 'includes/en/modal.html' %}
 
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="main content">
 
 	<header class="bg-https-light-gray pt-6">
 
diff --git a/track/templates/en/guidance.html b/track/templates/en/guidance.html
index 4c45ac6..55fb8d0 100644
--- a/track/templates/en/guidance.html
+++ b/track/templates/en/guidance.html
@@ -6,9 +6,9 @@
 {% block description %}Read guidance.{% endblock description %}
 
 {% block content %}
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-labelledby="readguidance">
     <div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6 mb-6">
-        <h1>Read guidance</h1>
+        <h1 id='readguidance'>Read guidance</h1>
         <p>Help us make government websites more secure. Please complete the following steps to become compliant with the Government of Canada's web security standards. If you have any questions about this process, please <a href="/en/help">contact us</a>.</p>
         <br/>
         
@@ -18,7 +18,7 @@ <h1>Read guidance</h1>
 
                    <ul>
 
-                     <li>GCconnex: <a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black">HTTPS Everywhere 2018</a></li>
+                     <li>GCcollab: <a href="https://gccollab.ca/groups/profile/1358152/engc-https-everywhere-2018frgc-https-partout-2018" class="text-https-blue hover:text-black">HTTPS Everywhere 2018</a></li>
                      <li>GCmessage: <a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black">#HTTPSEverywhere-HTTPSpartout</a></li>
                    </ul>
            </li>
@@ -34,8 +34,15 @@ <h1>Read guidance</h1>
 
            </li>
 
-           <li class="mb-6">Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to the following website: <a href="https://canada-ca.github.io/pages/submit-institutional-domains.html" class="text-https-blue hover:text-black">Submit your institution's domains</a>.</li>
-           <li class="mb-6">Perform an assessment of the domains and sub-domains to determine the status of the configuration. Tools available to support this activity includes GC HTTPS Dashboard, SSL Labs, Hardenize, etc.</li>
+           <li class="mb-6">Provide an up-to-date list of all domain and sub-domains of the publicly-accessible websites and web services to TBS Cybersecurity.
+               <ul>
+                   <li>Update and send the filtered "compliance.csv" file available from the HTTPS Dashboard for mass update; or</li>
+                   <li>use the following website for domain additions: <a href="https://canada-ca.github.io/pages/submit-institutional-domains.html" class="text-https-blue hover:text-black">Submit your institution's domains</a></li>
+
+               </ul>
+
+           </li>
+           <li class="mb-6">Perform an assessment of the domains and sub-domains to determine the status of the configuration. Tools available to support this activity includes GC HTTPS Dashboard, SSL Labs, Hardenize, SSLShopper, etc.</li>
            <li class="mb-6">Develop a prioritized implementation schedule for each of the affected websites and web services, following the recommended prioritization approach in the ITPIN:
 
 
@@ -43,11 +50,11 @@ <h1>Read guidance</h1>
 
                 <li>6.2.1 Newly developed websites and web services must adhere to this ITPIN upon launch. </li>
                 <li>6.2.2 Websites and web services that involve an exchange of personal information or other sensitive information must receive priority following a risk-based approach, and migrate as soon as possible. </li>
-                <li>6.2.3 All remaining websites and web services must be accessible through a secure connection, as outlined in Section 6.1, by September 30, 2019.</li>
+                <li>6.2.3 All remaining websites and web services must be accessible through a secure connection, as outlined in Section 6.1, by December 31, 2019.</li>
            </ul>
 
            </li>
-           <li class="mb-6">Engage the departmental IT group for implementation as appropriate.
+           <li class="mb-6">Engage departmental IT planning groups for implementation as appropriate.
             <ul>
 
                 <li>Where necessary adjust IT Plans and budget estimates for the FY where work is expected.</li>
@@ -56,7 +63,7 @@ <h1>Read guidance</h1>
 
            </li>
 
-           <li class="mb-6">Based on the assessment, and using the <a href="https://www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black">guidance available on GCpedia</a>, the following activities may be required:
+           <li class="mb-6">Based on the assessment, and using the <a href="https://gccollab.ca/groups/profile/1358152/engc-https-everywhere-2018frgc-https-partout-2018" class="text-https-blue hover:text-black">guidance available on GCcollab</a>, the following activities may be required:
             <ul>
 
                 <li>Obtain certificates from a GC-approved certificate source as outlined in the Recommendations for TLS Server Certificates for GC Public Facing Web Services</li>
@@ -65,7 +72,8 @@ <h1>Read guidance</h1>
 
            </li>
 
-           <li class="mb-6">Perform another assessment of the applicable domains and sub-domains to confirm that the configuration has been updated and that HTTPS is enforced in accordance with the ITPIN.
+           <li class="mb-6">Perform another assessment of the applicable domains and sub-domains to confirm that the configuration has been updated and that HTTPS is enforced in accordance with the ITPIN. Results will
+               appear in the HTTPS Dashboard within 24 hours.
 
 
            </li>
diff --git a/track/templates/en/help.html b/track/templates/en/help.html
index ce3ad42..3d3afc5 100644
--- a/track/templates/en/help.html
+++ b/track/templates/en/help.html
@@ -6,7 +6,7 @@
 {% block description %}For interpretation of any aspect of Implementing HTTPS for Secure Web Connections: Information Technology Policy Implementation Notice (ITPIN), contact Treasury Board of Canada Secretariat through Public Enquiries.{% endblock description %}
 
 {% block content %}
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="Get help">
 	<div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6">
 		<h1>Get help</h1>
 		<h2 class=" mb-4">General public</h2>
diff --git a/track/templates/en/index.html b/track/templates/en/index.html
index a3c6ca7..d6b00f1 100644
--- a/track/templates/en/index.html
+++ b/track/templates/en/index.html
@@ -8,34 +8,35 @@
 
 {% block content %}
 
-<section id="main-content" class="flex-1 bg-https-light-gray py-6">
-
-	<div class="flex flex-col lg:flex-row mx-auto items-center sm:w-4/5 xl:w-3/5">
-		<div class="flex-1 lg:mr-8 lg:pr-8 mb-4 lg:mb-0">
-			<h1 class="text-4xl sm:text-5xl mb-6">Track web security compliance</h1>
-			<h2 class="text-3xl mb-2">Making government websites more secure</h2>
-			<p class="text-xl">Canadians rely on the Government of Canada to provide secure digital services. A <a class="text-https-blue hover:text-black"
-				 href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">new
-					policy notice</a> guides government websites to adopt good web security practices. Track how government sites are
-				becoming more secure.</p>
-
-			<div class="flex">
-				<p class="text-xl mt-2 lg:mt-6"><a href="/en/domains/" class="text-https-blue hover:text-black">Check a government
-						website</a></p>
-				<object class="ml-2 lg:mt-4" type="image/svg+xml" tabindex="-1" aria-hidden="true" role="none" data="/static/images/cta-arrow.svg"></object>
-			</div>
+<section id="main-content" class="flex-1 bg-https-light-gray py-6" role="contentinfo" aria-label="Track web security compliance">
+
+		<div class="flex flex-col lg:flex-row mx-auto items-center sm:w-4/5 xl:w-3/5">
+			<div class="flex-1 lg:mr-8 lg:pr-8 mb-4 lg:mb-0">
+				<h1 class="text-4xl sm:text-5xl mb-6">Track web security compliance</h1>
+				<h2 class="text-3xl mb-2">Making government websites more secure</h2>
+				<p class="text-xl">Canadians rely on the Government of Canada to provide secure digital services. A <a class="text-https-blue hover:text-black" href="https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html">new policy notice</a> guides government websites to adopt good web security practices. Track how government sites are becoming more secure.</p>
+
+				<div class="flex">
+					<p class="text-xl mt-2 lg:mt-6"><a href="/en/organizations/" class="text-https-blue hover:text-black">Check a government website</a></p>
+					<object class="ml-2 lg:mt-4" type="image/svg+xml" tabindex="-1" aria-hidden="true" data="/static/images/cta-arrow.svg">
+                        <p>right arrow indicating the action to check a government website</p>
+                    </object>
+				</div>
 
-		</div>
 
-		<div class="flex-inline flex-col text-center mx-auto">
-			<div class="compliant"></div>
-			<h3 style="display:none" class="domains-text font-bold text-xl sm:text-2xl">Domains that <br> enforce HTTPS</h3>
+			</div>
+			
+			<div class="flex-inline flex-col text-center mx-auto">
+				<div class="compliant"></div>
+				<h3 class="font-bold text-xl sm:text-2xl">Domains that <br> enforce HTTPS</h3>
+			</div>
 		</div>
-	</div>
 
 </section>
 
-{% include 'includes/donut.html' %}
 
+
+
+<script src="/static/js/https/donuts.js?{{ now() | date("%Y%m%j%H%M%S") }}"></script>
 <script src="/static/js/https/organizations.js?{{ now() | date("%Y%m%j%H%M%S") }}"></script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/track/templates/en/layout-en.html b/track/templates/en/layout-en.html
index 77fb29b..355c203 100644
--- a/track/templates/en/layout-en.html
+++ b/track/templates/en/layout-en.html
@@ -4,7 +4,7 @@
 <head>
 	
 	<title>{% block title %}{% endblock title %}</title>
-	
+
 	{% include 'includes/head.html' %}
 
 	<meta name="description" content="{% block description %}{% endblock description %}">
@@ -12,7 +12,13 @@
 </head>
 
 <body class="flex flex-1 flex-col min-h-screen">
-
+{% set GTM_key = "GOOGLE_TAG_MANAGER" | fetch_env() %}
+{% if GTM_key %}
+<!-- Google Tag Manager (noscript) -->
+<noscript role="application" aria-label="script for google tag manager"><iframe src="https://www.googletagmanager.com/ns.html?id={{ GTM_key }}"
+height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
+<!-- End Google Tag Manager (noscript) -->
+{% endif %}
 	<header role="banner" id="header">
 
 		<!-- Beta bar -->
@@ -21,12 +27,13 @@
 
 		<!-- GOC Identity Bar -->
 
-	    <section id="goc-fip-bar">
+	    <section id="goc-fip-bar" aria-label="To go to the french page">
 	        <div class="container mx-auto flex">
 	            <div class="flex-1 pt-2 pb-2">
 	                <a href="https://www.canada.ca/en.html" aria-label="Government of Canada">
-	                    <object type="image/svg+xml" tabindex="-1" role="img" data="/static/images/fip-dark-en.svg"
-	                            aria-label="Symbol of the Government of Canada" class="h-6"></object>
+	                    <object type="image/svg+xml" tabindex="-1" role="presentation" data="/static/images/fip-dark-en.svg" class="h-6" aria-label="Symbol of the Government of Canada">
+							Symbol of the Government of Canada
+						</object>
 	                </a>
 	            </div>
 
@@ -40,13 +47,12 @@ <h2 class="sr-only">Language selection</h2>
 
 
 	     <!-- Navigation -->
-
-	     <nav class="bg-white border-b border-https-dark-gray">
+	     <nav class="bg-white border-b border-https-dark-gray" aria-label="Main menu">
 			<div class="container mx-auto flex">
 				<div class="{{ self.pageid_fr() | site_title(false) }}">
 					<h2 class="py-6 text-base sm:text-lg hidden md:block"><a class="text-grey-darkest no-underline font-medium hover:underline hover:text-https-blue" href="/en/index/">Track web security compliance</a></h2>
 				</div>
-		        <div role="navigation" class="flex-1">
+		        <div class="flex-1">
 		            <ul class="list-reset flex justify-end text-base sm:text-lg font-normal">
 		                <li class="py-6 inline xl:hidden">
 		                    <a id="menu-btn" class="text-https-blue hover:text-black no-underline hover:underline" href="#">Menu</a>
@@ -65,7 +71,7 @@ <h2 class="py-6 text-base sm:text-lg hidden md:block"><a class="text-grey-darkes
 		    </div>
 		</nav>
 
-	     <nav id="menu-content" class="shadow-md">
+	     <nav id="menu-content" class="shadow-md"  aria-label="Menu for mobile">
 		    <ul class="list-reset ml-4 mr-2 mt-4 font-normal">
 		        <li class="{{ self.pageid_fr() | site_title(true) }} block py-4 border-b border-https-dark-gray sm:block md:hidden"><a tabindex="-1" class="text-xl text-https-blue no-underline hover:underline" href="/en/index/">Track web security compliance</a></li>
 		        <li class="block border-b border-https-dark-gray py-4"><a tabindex="-1" class="text-xl text-https-blue hover:text-black no-underline hover:underline" href="/en/organizations/">Check compliance</a></li>
@@ -75,6 +81,8 @@ <h2 class="py-6 text-base sm:text-lg hidden md:block"><a class="text-grey-darkes
 		    </ul>
 		</nav>
 
+
+
 	</header>
 
 	<main class="flex flex-auto">
diff --git a/track/templates/en/organizations.html b/track/templates/en/organizations.html
index 267bbd9..97fd4c6 100644
--- a/track/templates/en/organizations.html
+++ b/track/templates/en/organizations.html
@@ -11,7 +11,7 @@
 
 {% include 'includes/en/modal.html' %}
 
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="HTTPS by organization">
 
 	<header class="bg-https-light-gray pt-6">
 
diff --git a/track/templates/fr/domains.html b/track/templates/fr/domains.html
index fbb7381..262bef0 100644
--- a/track/templates/fr/domains.html
+++ b/track/templates/fr/domains.html
@@ -9,7 +9,7 @@
 
 {% include 'includes/fr/modal.html' %}
 
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="contenu principal">
 
 	<header class="bg-https-light-gray pt-6">
 
diff --git a/track/templates/fr/guidance.html b/track/templates/fr/guidance.html
index 99319d8..017f4b9 100644
--- a/track/templates/fr/guidance.html
+++ b/track/templates/fr/guidance.html
@@ -6,9 +6,9 @@
 {% block description %}Lires les directives.{% endblock description %}
 
 {% block content %}
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-labelledby="readguidance">
 	<div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6 mb-6">
-		<h1>Lires les directives</h1>
+		<h1 id="readguidance">Lires les directives</h1>
 		<p>Aidez-nous à rendre les sites web du gouvernement plus sécuritaires. Veuillez compléter les étapes suivantes afin de respecter les normes de sécurité en ligne du gouvernement du Canada. Si vous avez des questions sur ce processus, <a href="/fr/aide">contactez-nous</a>.</p>
   	<br/>
 		
@@ -18,44 +18,53 @@ <h1>Lires les directives</h1>
 
 		  		 <ul>
 
-					 <li>GCconnex&nbsp;:&nbsp;<a href="https://gcconnex.gc.ca/groups/profile/35218846/gc-https-everywhere-2018-https-partout-dans-le-gc-2018" class="text-https-blue hover:text-black">HTTPS partout dans le GC 2018</a></li>
+					 <li>GCcollab&nbsp;:&nbsp;<a href="https://gccollab.ca/groups/profile/1358152/engc-https-everywhere-2018frgc-https-partout-2018" class="text-https-blue hover:text-black">HTTPS partout 2018</a></li>
 					 <li>GCmessage&nbsp;:&nbsp;<a href="https://message.gccollab.ca/channel/httpseverywhere-httpspartout" class="text-https-blue hover:text-black">#HTTPSEverywhere-HTTPSpartout</a></li>
 		  		 </ul>
 		   </li>
 
-		   <li class="mb-6">Effectuer un inventaire de tous les domaines et les sous-domaines ministériels. Les sources d’information comprennent les suivantes&nbsp;:&nbsp;
+		   <li class="mb-6">Dresser un répertoire de tous les domaines et les sous-domaines ministériels. Les sources d’information comprennent les suivantes&nbsp;:&nbsp;
 
 			<ul>
 
-				<li><a href="https://https-partout.canada.ca" class="text-https-blue hover:text-black">Tableau de bord HTTPS</a> disponible à l’interne</li>
+				<li><a href="https://https-partout.canada.ca" class="text-https-blue hover:text-black">Tableau de bord HTTPS</a></li>
 				<li>Gestion du portefeuille d’applications (GPA) du SCT</li>
 				<li>Unit&eacute;s op&eacute;rationnelles ministérielles</li>
 		   </ul>
 
 		   </li>
 
-		   <li class="mb-6">Fournir une liste à jour de tous les domaines et les sous-domaines des sites Web et des services Web publiquement accessibles au site Web suivant&nbsp;:&nbsp;<a href="https://canada-ca.github.io/pages/soumettre-domaines-institutionnels.html" class="text-https-blue hover:text-black">Soumettez vos noms de domaine institutionnels</a>.</li>
-           <li class="mb-6">Effectuer une &eacute;valuation des domaines et des sous-domaines afin de d&eacute;terminer l’&eacute;tat de la configuration. Les outils disponibles afin d’appuyer cette activit&eacute; comprennent le tableau de bord HTTPS du gouvernement du Canada (GC), SSL Labs et Hardenize, entre autres.</li>
+		   <li class="mb-6">Fournir une liste à jour de tous les domaines et les sous-domaines des sites Web et des services Web publiquement accessibles à l'Équipe de la cybersécurité du SCT
+
+		      <ul>
+				  <li>Procéder à la mise à jour , et à l'envoi du document "compliance.csv", qui est accessible à partir du tableau
+				   de bord HTTPS si vous avez un grand nombre de changements.</li>
+				  <li>Utiliser le site Web suivant pour ajouter des domaines: <a href="https://canada-ca.github.io/pages/soumettre-domaines-institutionnels.html" class="text-https-blue hover:text-black">Soumettez vos noms de domaine institutionnels</a></li>
+
+			  </ul>
+
+		   </li>
+           <li class="mb-6">Effectuer une &eacute;valuation des domaines et des sous-domaines afin de d&eacute;terminer l’&eacute;tat de la configuration. Les outils disponibles pour mener cette activit&eacute; à bien comprennent le tableau de bord HTTPS du gouvernement du Canada (GC), SSL Labs, Hardenize et SSLShoppers entre autres.</li>
            <li class="mb-6"> &Eacute;laborer un calendrier de mise en œuvre prioris&eacute; pour chacun des sites Web et des services Web touch&eacute;s en suivant l’approche de priorisation recommand&eacute;e dans l’Avis de mise en œuvre de la Politique sur la technologie de l’information (AMPTI)&nbsp;:&nbsp;
 
 			<ul>
 
-				<li>6.2.1 Les sites Web et les services Web nouvellement d&eacute;velopp&eacute;s doivent respecter le pr&eacute;sent AMPTI apr&egrave;s son lancement.</li>
+				<li>6.2.1 Les sites Web et les services Web nouvellement élaborés doivent respecter le pr&eacute;sent AMPTI apr&egrave;s leur lancement.</li>
 				<li>6.2.2 Les sites Web et les services Web qui entra&icirc;nent un &eacute;change de renseignements personnels ou d’autres renseignements de nature d&eacute;licate doivent avoir priorit&eacute; &agrave; la suite d’une approche ax&eacute;e sur les risques et doivent migrer dans les plus brefs d&eacute;lais.</li>
-				<li>6.2.3 Tous les sites Web et les services Web restants doivent &ecirc;tre accessibles gr&acirc;ce &agrave; une connexion s&eacute;curis&eacute;e, comme d&eacute;finie &agrave; l’article 6.1, au plus tard le 30 septembre 2019.</li>
+				<li>6.2.3 Tous les sites Web et les services Web restants doivent &ecirc;tre accessibles gr&acirc;ce &agrave; une connexion s&eacute;curis&eacute;e, comme d&eacute;finie &agrave; l’article 6.1, au plus tard le 31 décembre 2019.</li>
 		   </ul>
 
 		   </li>
-		   <li class="mb-6">Engager le groupe ministériel de la TI au sujet de la mise en œuvre, le cas échéant.
+		   <li class="mb-6">Mobiliser les groupes de planification ministérielle de la TI relativement à la mise en œuvre, le cas échéant.
 			<ul>
 
 				<li>Au besoin, modifier les plans de la TI et le budget des dépenses pour l’exercice financier lorsque des travaux sont pr&eacute;vus.</li>
-				<li>Il est recommand&eacute; que les partenaires de Services partag&eacute;s Canada (SPC) communiquent avec leur gestionnaire de la prestation des services de SPC afin de discuter du plan d’action minist&eacute;riel et des d&eacute;marches requises pour soumettre une demande de changement.</li>
+				<li>Il est recommand&eacute; que les partenaires de Services partag&eacute;s Canada (SPC) communiquent avec leur gestionnaire de la prestation des services de SPC afin de discuter du plan d’action minist&eacute;riel et des d&eacute;marches à suivre pour soumettre une demande de changement.</li>
 		   </ul>
 
 		   </li>
 
-           <li class="mb-6">Selon l’&eacute;valuation, et au moyen des <a href="www.gcpedia.gc.ca/wiki/HTTPS_Initiative" class="text-https-blue hover:text-black">conseils disponibles sur GCp&eacute;dia</a>, les activit&eacute;s suivantes pourraient &ecirc;tre requises&nbsp;:&nbsp;
+           <li class="mb-6">Selon l’&eacute;valuation, et au moyen des <a href="https://gccollab.ca/groups/profile/1358152/engc-https-everywhere-2018frgc-https-partout-2018" class="text-https-blue hover:text-black">conseils sur GCcollab</a>, les activit&eacute;s suivantes pourraient &ecirc;tre nécessaires&nbsp;:&nbsp;
 			<ul>
 
 				<li>Obtenir les certificats d’une source de certificat approuv&eacute;e par le GC, comme l’indiquent les recommandations concernant les certificats de serveur TLS pour les services Web publics du GC.</li>
@@ -65,12 +74,13 @@ <h1>Lires les directives</h1>
 		   </li>
 
 		   <li class="mb-6">Effectuer une autre &eacute;valuation des domaines et des sous-domaines applicables afin de confirmer que la configuration a &eacute;t&eacute; mise &agrave; jour et que le HTTPS est appliqu&eacute; conform&eacute;ment &agrave; l’AMPTI.
+			   Les résultats seront présentés dans le tableau de bord HTTPS les prochaines 24 h.
 
 
 		   </li>
 		</ol>
         <br/>
-		<p>Pour toute question ou pr&eacute;occupation concernant cet AMPTI et les conseils connexes concernant la mise en œuvre, veuillez communiquer avec l’unit&eacute; de la Cybers&eacute;curit&eacute; du SCT (<a href="mailto:zzTBSCybers@tbs-sct.gc.ca" class="text-https-blue hover:text-black">zzTBSCybers@tbs-sct.gc.ca)</a>.</p>
+		<p>Pour toute question ou pr&eacute;occupation concernant le présent AMPTI et les conseils connexes concernant la mise en œuvre, veuillez communiquer avec la section responsable de la Cybers&eacute;curit&eacute; du SCT (<a href="mailto:zzTBSCybers@tbs-sct.gc.ca" class="text-https-blue hover:text-black">zzTBSCybers@tbs-sct.gc.ca)</a>.</p>
 	</div>
 </section>
 {% endblock %}
diff --git a/track/templates/fr/help.html b/track/templates/fr/help.html
index 0165451..be3f639 100644
--- a/track/templates/fr/help.html
+++ b/track/templates/fr/help.html
@@ -6,7 +6,7 @@
 {% block description %}Pour des explications concernant tout aspect de l’application de l’Avis de mise en œuvre de la Politique sur la technologie de l’information (AMPTI) : Mise en œuvre de HTTPS pour les connexions Web sécurisées, veuillez communiquer avec le Secrétariat du Conseil du Trésor du Canada par l’entremise des Renseignements au public.{% endblock description %}
 
 {% block content %}
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="Obtenir de l’aide">
 	<div class="container mx-auto items-center sm:w-4/5 xl:w-3/5 mt-6">
 		<h1>Obtenir de l’aide</h1>
 		<h2 class=" mb-4">Grand public</h2>
diff --git a/track/templates/fr/index.html b/track/templates/fr/index.html
index b5c83fb..b318e1a 100644
--- a/track/templates/fr/index.html
+++ b/track/templates/fr/index.html
@@ -8,7 +8,7 @@
 
 {% block content %}
 
-<section id="main-content" class="flex-1 bg-https-light-gray py-6">
+<section id="main-content" class="flex-1 bg-https-light-gray py-6" role="contentinfo" aria-label="Suivre la conformité en matière de sécurité Web">
 
 		<div class="flex flex-col lg:flex-row mx-auto items-center sm:w-4/5 xl:w-3/5">
 			<div class="flex-1 lg:mr-8 lg:pr-8 mb-4 lg:mb-0">
@@ -16,11 +16,15 @@ <h1 class="text-4xl sm:text-5xl mb-6">Suivre la conformité en matière de sécu
 				<h2 class="text-3xl mb-2">Rendre les sites gouvernementaux plus sécuritaires</h2>
 				<p class="text-xl">Les Canadiens s'attendent à ce que le gouvernement du Canada leur offre des services en ligne sécurisés. Un <a class="text-https-blue hover:text-black " href="https://www.canada.ca/fr/secretariat-conseil-tresor/services/technologie-information/avis-mise-oeuvre-politique/mise-oeuvre-https-connexions-web-securisees-ampti.html">nouvel avis de politique</a> vise à assurer que les sites gouvernementaux soient conformes aux bonnes pratiques en matière de sécurité Web. Voyez comment les sites gouvernementaux deviennent plus sécuritaires.</p>
 
+
 				<div class="flex">
-					<p class="text-xl mt-2 lg:mt-6"><a href="/fr/domaines/" class="text-https-blue hover:text-black ">Vérifier la conformité d’un site gouvernemental</a></p>
-					<object class="ml-2 lg:mt-4" type="image/svg+xml" tabindex="-1" role="img" aria-hidden="true" data="/static/images/cta-arrow.svg"></object>
+					<p class="text-xl mt-2 lg:mt-6"><a href="/fr/organisations/" class="text-https-blue hover:text-black ">Vérifier la conformité d’un site gouvernemental</a></p>
+					<object class="ml-2 lg:mt-4" type="image/svg+xml" tabindex="-1" role="img" aria-hidden="true" data="/static/images/cta-arrow.svg">
+						<p>Pour vérifier la conformité d’un site gouvernemental</p>
+					</object>
 				</div>
 
+
 			</div>
 
 			<div class="flex-inline flex-col text-center mx-auto">
@@ -31,7 +35,6 @@ <h3 class=" text-xl sm:text-2xl">Domaines qui excécutent <br>  le protocole HTT
 
 </section>
 
-{% include 'includes/donut.html' %}
-
+<script src="/static/js/https/donuts.js?{{ now() | date("%Y%m%j%H%M%S") }}"></script>
 <script src="/static/js/https/organizations.js?{{ now() | date("%Y%m%j%H%M%S") }}"></script>
 {% endblock %}
diff --git a/track/templates/fr/layout-fr.html b/track/templates/fr/layout-fr.html
index f2222e8..28719e2 100644
--- a/track/templates/fr/layout-fr.html
+++ b/track/templates/fr/layout-fr.html
@@ -12,6 +12,13 @@
 </head>
 
 <body class="flex flex-1 flex-col min-h-screen">
+{% set GTM_key = "GOOGLE_TAG_MANAGER" | fetch_env() %}
+{% if GTM_key %}
+<!-- Google Tag Manager (noscript) -->
+<noscript role="application" aria-label="script for google tag manager"><iframe src="https://www.googletagmanager.com/ns.html?id={{ GTM_key }}"
+height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
+<!-- End Google Tag Manager (noscript) -->
+{% endif %}
 
 	<header role="banner" id="header">
 
@@ -21,12 +28,17 @@
 
 		<!-- GOC Identity Bar -->
 
-	    <section id="goc-fip-bar">
+	    <section id="goc-fip-bar" aria-label="Aller  à la page anglaise">
 	        <div class="container mx-auto flex">
 	            <div class="flex-1 pt-2 pb-2">
-	                <a href="https://www.canada.ca/fr.html" aria-label="Government of Canada">
-	                    <object type="image/svg+xml" tabindex="-1" role="img" data="/static/images/fip-dark-en.svg"
-	                            aria-label="Symbol of the Government of Canada" class="h-6"></object>
+	                <a href="https://www.canada.ca/fr.html" aria-label=" Gouvernement du Canada">
+	                    <object type="image/svg+xml" tabindex="-1" role="presentation" data="/static/images/fip-dark-en.svg"
+	                            aria-label=" Gouvernement du Canada" class="h-6">
+							     Gouvernement du Canada
+
+						</object>
+
+
 	                </a>
 	            </div>
 
@@ -38,13 +50,12 @@ <h2 class="sr-only">Sélection de la langue</h2>
 	    </section>
 
 	    <!-- Navigation -->
-
-	    <nav class="bg-white border-b border-https-dark-gray">
+	    <nav class="bg-white border-b border-https-dark-gray"  aria-label="Menu principal">
 			<div class="container mx-auto flex">
 				<div class="{{ self.pageid_en() | site_title(false) }} flex-none">
 					<h2 class="mr-8 py-6 text-base sm:text-lg hidden md:block"><a class="text-grey-darkest no-underline hover:underline font-medium hover:text-https-blue" href="/fr/index/">Suivre la conformité en matière de sécurité Web</a></h2>
 				</div>
-		        <div role="navigation" class="flex-1">
+		        <div class="flex-1">
 		            <ul class="list-reset flex justify-end text-base sm:text-lg font-normal">
 		                <li class="py-6 md:py-8 lg:py-6 inline xl:hidden">
 		                    <a id="menu-btn" class="text-https-blue hover:text-black no-underline hover:underline" href="#">Menu</a>
@@ -62,8 +73,7 @@ <h2 class="mr-8 py-6 text-base sm:text-lg hidden md:block"><a class="text-grey-d
 		        </div>
 		    </div>
 		</nav>
-
-	    <nav id="menu-content" class="shadow-md">
+	    <nav id="menu-content" class="shadow-md" aria-label="Menu pour mobile">
 		    <ul class="list-reset ml-4 mr-2 mt-4">
 		    	<li class="{{ self.pageid_en() | site_title(true) }} block py-4 border-b border-https-dark-gray sm:block md:hidden"><a tabindex="-1" class="text-xl text-https-blue no-underline hover:underline" href="/fr/index/">Suivre la conformité en matière de sécurité Web</a></li>
 		    	<li class="block py-4 border-b border-https-dark-gray"><a tabindex="-1" class="text-xl text-https-blue hover:text-black no-underline hover:underline" href="/fr/organisations/">Vérifier la conformité</a></li>
diff --git a/track/templates/fr/organizations.html b/track/templates/fr/organizations.html
index 6dc24d9..61d701c 100644
--- a/track/templates/fr/organizations.html
+++ b/track/templates/fr/organizations.html
@@ -10,7 +10,7 @@
 
 {% include 'includes/fr/modal.html' %}
 
-<section id="main-content" class="flex-1">
+<section id="main-content" class="flex-1" aria-label="HTTPS par organisme">
 
 	<header class="bg-https-light-gray pt-6">
 
diff --git a/track/templates/includes/en/beta-bar.html b/track/templates/includes/en/beta-bar.html
index 661f1d0..dc27694 100644
--- a/track/templates/includes/en/beta-bar.html
+++ b/track/templates/includes/en/beta-bar.html
@@ -1 +1,19 @@
-<div class="bg-grey-darkest py-1 text-xs sm:block md:block lg:block xl:block"></div>
\ No newline at end of file
+<section class="bg-grey-darkest py-4 text-xs sm:block md:block lg:block xl:block" aria-labelledby="myBeta">
+    <div class="container mx-auto text-white flex items-center">
+
+
+
+        <span class="flex-initial">
+            <span class="beta-badge py-2 px-2 font-bold rounded uppercase mr-4 text-black">Beta</span>
+        </span>
+        <span class="flex-1" id="myBeta">This is a new service, we are constantly improving.</span>
+
+        <div class="flex-1">
+        	<nav>
+                <ul class="list-reset">
+                     <li ><a class='myskip font-bold text-base'  href="#main-content">Skip to main content</a></li>
+                </ul>
+		    </nav>
+        </div>
+    </div>
+</section>
diff --git a/track/templates/includes/en/footer.html b/track/templates/includes/en/footer.html
index 1903a6c..1ee47d7 100644
--- a/track/templates/includes/en/footer.html
+++ b/track/templates/includes/en/footer.html
@@ -7,7 +7,9 @@
 	        </ul>
 	    </div>
         <div class="flex-1 text-center sm:text-right min-width-full mb-2 sm:mb-0">
-            <object class="h-8" type="image/svg+xml" tabindex="-1" role="img" data="/static/images/wordmark-light.svg" aria-label="Symbol of the Government of Canada"></object>
+            <object class="h-8" type="image/svg+xml" tabindex="-1" role="presentation" data="/static/images/wordmark-light.svg" aria-label="Symbol of the Government of Canada">
+                Symbol of the Government of Canada
+            </object>
         </div>
     </div>
 </footer>
diff --git a/track/templates/includes/en/modal.html b/track/templates/includes/en/modal.html
index 61133a9..ec57922 100644
--- a/track/templates/includes/en/modal.html
+++ b/track/templates/includes/en/modal.html
@@ -2,7 +2,7 @@
 <div id="modal" class="hidden fixed pin z-50">
 
 	  <!-- Modal content -->
-	  <div id="modal-content" tabindex="-1" role="dialog" aria-labelledby="table compliance definitions" class="relative bg-white w-3/4 m-auto flex-col py-2 overflow-auto flex-initial">
+	  <div id="modal-content" tabindex="-1" role="dialog" aria-label="Compliance definitions" class="relative bg-white w-3/4 m-auto flex-col py-2 overflow-auto flex-initial">
 	  	<div id="close" class="w-full text-right pr-6"><span class="close-symbol"><a id="close-btn" class="no-underline text-black text-3xl lg:text-5xl" href="#">&times;</a></span></div>
 	  	<div class="container lg:w-5/6 mx-auto">
 		    <h2 id="modal-header" tabindex="-1" class="text-3xl lg:text-5xl font-bold mb-4">Compliance definitions</h2>
diff --git a/track/templates/includes/fr/beta-bar.html b/track/templates/includes/fr/beta-bar.html
index 661f1d0..93d6b39 100644
--- a/track/templates/includes/fr/beta-bar.html
+++ b/track/templates/includes/fr/beta-bar.html
@@ -1 +1,18 @@
-<div class="bg-grey-darkest py-1 text-xs sm:block md:block lg:block xl:block"></div>
\ No newline at end of file
+<section class="bg-grey-darkest py-4 text-xs sm:block md:block lg:block xl:block" aria-labelledby="myBeta">
+    <div class="container mx-auto text-white flex items-center">
+        <span class="flex-initial">
+            <span class="beta-badge py-2 px-2 font-bold rounded uppercase mr-4 text-black">Bêta</span>
+        </span>
+        <span class="flex-1" id="myBeta">Ceci est un nouveau service, nous l’améliorons constamment.</span>
+
+        <div class="flex-1">
+        	<nav>
+                <ul class="list-reset">
+                   <li ><a class='myskip font-bold text-base'  href="#main-content">Passer au contenu principal</a></li>
+                </ul>
+		    </nav>
+        </div>
+
+
+    </div>
+</section>
\ No newline at end of file
diff --git a/track/templates/includes/fr/footer.html b/track/templates/includes/fr/footer.html
index ef00e55..b8031fb 100644
--- a/track/templates/includes/fr/footer.html
+++ b/track/templates/includes/fr/footer.html
@@ -8,7 +8,9 @@
             </ul>
 	    </div>
         <div class="flex-1 text-center sm:text-right min-width-full mb-2 sm:mb-0">
-            <object class="h-8" type="image/svg+xml" tabindex="-1" role="img" data="/static/images/wordmark-light.svg" aria-label="Symbol of the Government of Canada"></object>
+            <object class="h-8" type="image/svg+xml" tabindex="-1" role="presentation" data="/static/images/wordmark-light.svg" aria-label="Gouvernement du Canada">
+                Gouvernement du Canada
+            </object>
         </div>
     </div>
 </footer>
diff --git a/track/templates/includes/fr/modal.html b/track/templates/includes/fr/modal.html
index 18cdc83..ba0000f 100644
--- a/track/templates/includes/fr/modal.html
+++ b/track/templates/includes/fr/modal.html
@@ -2,7 +2,7 @@
 <div id="modal" class="hidden fixed pin z-50">
 
 	  <!-- Modal content -->
-	  <div id="modal-content" tabindex="-1" role="dialog" aria-labelledby="table compliance definitions" class="relative bg-white w-3/4 m-auto flex-col py-2 overflow-auto flex-initial">
+	  <div id="modal-content" tabindex="-1" role="dialog" aria-label="Critères de conformité" class="relative bg-white w-3/4 m-auto flex-col py-2 overflow-auto flex-initial">
 	  	<div id="close" class="w-full text-right pr-6"><span class="close-symbol"><a id="close-btn" class="no-underline text-black text-3xl lg:text-5xl" href="#">&times;</a></span></div>
 	  	<div class="container lg:w-5/6 mx-auto">
 		    <h2 id="modal-header" tabindex="-1" class="text-3xl lg:text-5xl font-bold mb-4">Critères de conformité</h2>
diff --git a/track/templates/includes/head.html b/track/templates/includes/head.html
index 0e23882..74ad670 100644
--- a/track/templates/includes/head.html
+++ b/track/templates/includes/head.html
@@ -1,4 +1,18 @@
 
+{% set GTM_key = "GOOGLE_TAG_MANAGER" | fetch_env() %}
+
+
+{% if GTM_key %}
+    <!-- Google Tag Manager -->
+    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+    new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+    j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+    'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
+    })(window,document,'script','dataLayer','{{ GTM_key }}');</script>
+    <!-- End Google Tag Manager -->
+
+{% endif %}
+
 <!-- Basic Page Needs
 ================================================== -->
 <meta charset="utf-8">
@@ -22,14 +36,7 @@
 <script src="/static/js/vendor/querystring.js"></script>
 <script src="/static/js/utils.js?{{ now() | date("%Y%m%j%H%M%S") }}"></script>
 
-<!-- Global site tag (gtag.js) - Google Analytics -->
-<script async src="https://www.googletagmanager.com/gtag/js?id=UA-102484926-7"></script>
-<script>
-  window.dataLayer = window.dataLayer || [];
-  function gtag(){dataLayer.push(arguments);}
-  gtag('js', new Date());
-  gtag('config', 'UA-102484926-7');
-</script>
+
 
 <!-- sigh, datatables -->