<source lang:markdown>
* [ ] The service must have performed a Rapid Risk Assessment and have a Risk Record bug (**SVC-RRA**).
Infrastructure rules
--------------------
* [ ] Use [Modern Intermediate TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibilityIntermediate_compatibility) (**INFRA-TLS**)
* [ ] Set HSTS to 31536000 (1 year) (**INFRA-HSTS**)
* [ ] Set HPKP to 5184000 (60 days) (**INFRA-HPKP**)
* If the service pushes data to Firefox, like when distributing blacklists or pushing updates, cryptographic signatures must be used. (**DATA-SIGN**)
* [ ] Addons must use standard AMO signing (**APP-SIGNING**)
* [ ] Code & Conf must use Content-Signature via[Autograph](https://github.com/mozilla-services/autograph) (**DATA-SIGNING**)
</source>