Operating since 1997 (previously known as eMediaMark), Chit ICR is an active (as of November 2024) collaboration that offers reliable protection and a simple way to keep children (and vulnerable adults) safe from unsuitable online content by assigning each Fully Qualified Domain Name (FQDN) with a content rating.
ICR is also known as FQDCR, and historically FDQMR.
There is no fee to have an ICR from this service for your website, and it is free to use. Software that uses the service must adhere to our fair usage policy, else automatically gets firewalled.
Responsible Mobile and Tablet operating systems have a maximum allowed ICR Level set per User account, and school IT networks protect children and the vulnerable from all unsuitable online content based on the Fully Qualified Domain Name of the URL at a Proxy level. ICR Browser Extensions (plugins / add-ons) are available for web browsers.
ICR is Fully Qualified Domain Name based, not specific URL based like the eMediaMark. RDF, WDR & the PWDER are all URL based and impractical to implement and keep verified (hence rely on) to keep the vulnerable safe.
We are not, never have or will be, in any way connected to the ICRA or the FOSI.
We have to date Verified 15,410,502 different fully qualified domain names, and regularly recheck them. All "Reported URLs" and websites granted Levels between 1 and 4 are regularly checked by a human; Levels 5 to 8 are monitored by our ICRBot.
Pre-teen schools allow Level 1-4
Schools for teenagers allow Level 1-5
Typical adult PC/tablet/phone allows Level 1-9
Ideally, any site with a Level of 10+ should only be accessible to adults and after seeing a very clear warning message about the site they are about to access.
No site with Level 100+ should be accessible by accident; ISPs often have blocks in place to prevent direct access.
https://icr.chit.eu/ChitICRSchema.json { "Targets":[ {"Target":"NotYetSet" ,"Desc":"This parameter has not been set yet"}, {"Target":"AllChildren" ,"Desc":"Designed for kids, and not typically appealing to adults"}, {"Target":"YoungChildren" ,"Desc":"Designed for children under 13"}, {"Target":"TeenageChildren","Desc":"Designed for children 13+"}, {"Target":"YoungAdults" ,"Desc":"Typical stand-up comedy, TV gameshow or talk show"}, {"Target":"Learners" ,"Desc":"Educational only"}, {"Target":"Family" ,"Desc":"Typical kids film. Appealing to all ages"}, {"Target":"Professionals" ,"Desc":"Business services. Typical corporate website"}, {"Target":"AdultsOnly" ,"Desc":"For the over 25s"} ], "Ratings":[ {"Level":1,"Rating":"SafeForAll" ,"Desc":"Suitable for any age to read, listen or watch alone"}, {"Level":2,"Rating":"Under7" ,"Desc":"Especially delicate content for very young children"}, {"Level":3,"Rating":"Under13" ,"Desc":"Delicately written content, specifically for children"}, {"Level":4,"Rating":"Clean" ,"Desc":"No profanities, can be any subject if written with education in mind. Suitable for school library"}, {"Level":5,"Rating":"ParentDiscretion" ,"Desc":"Typical news content, and general daytime TV content. Content may be disturbing to some teenagers. Any PG or 12+ rated film"}, {"Level":6,"Rating":"MayContainProfanities" ,"Desc":"Not suitable for children. Maybe rude jokes, blasphemy"}, {"Level":7,"Rating":"AdultTopics" ,"Desc":"Not suitable for children. Views on sexuality, sex, religious debates"}, {"Level":8,"Rating":"ObsceneToSome" ,"Desc":"Not suitable for children. Text, Audio, Video, Photos of anything an adult may find obscene"}, {"Level":9,"Rating":"Unknown" ,"Desc":"Not yet been verified"}, {"Level":96,"Rating":"FraudulentScam" ,"Desc":"A site specialising in high tech scams and fraud. Contact with the company not verbally possible"}, {"Level":97,"Rating":"FullyVerifiedScam" ,"Desc":"A site specialising in high tech scams and fraud. Contact with the company has been made via email and telephone; attempted fraud verified but no threats made by fraudsters when declining to participate"}, {"Level":98,"Rating":"ScamNonPhysicalThreat","Desc":"A site specialising in high tech scams and fraud. Contact with the company has been made via email and telephone; attempted fraud verified and non-physical threat made by fraudsters when declining to participate"}, {"Level":99,"Rating":"ScamPhysicalThreat" ,"Desc":"A site specialising in high tech scams and fraud. Should be taken offline by law inforcement. Contact with the company has been made via email and telephone; attempted fraud verified and physical harm threatened by the fraudster if not compliant with their demands"}, {"Level":122,"Rating":"DeepWebStatic" ,"Desc":"Deep Web - static content copied without consent: Patents, iCloud photos, private emails, Medical Records, Insurance Claims, VIN, Credit Ratings, Exam Grades, Price-fixing & Insider trading agreements..."}, {"Level":123,"Rating":"DeepWebLive" ,"Desc":"Deep Web - live feeds without consent: School/Hotel CCTV, bodycams, Interpol, VIN & ANPR data, Debit/Credit card usage, ICCID/IMSI/IMEI tracking, GSM CID BTS monitoring & Physical address from IP address logs. Also human DNA, iris, fingerprint breath biomark or other biometric records"}, {"Level":124,"Rating":"DarkWebSecurity" ,"Desc":"Dark Web - Satellite control encryption keys, heat/sound/light/EMF signatures, military or intelligence service records"}, {"Level":125,"Rating":"DarkWebHarmful" ,"Desc":"Dark Web - the active ongoing really harmful stuff"} ] }
The easiest and fastest way to get your site setup with an ICR is to "Report" any URL on your website.
For prompt verification we only need you to tell us your domain name; we'll verify your site within 12 hours. We will check at regular random intervals in the future for changes that would effect the Rating and encourage you to let us know of any changes you make to how you primarily use your website domain.
NOTE: If your domain name registration is not renewed with the domain registrar, we'll need to verify it again after you re-register your domain.
1) If your website is www.charitywater.org then visit: https://icr.chit.eu/check/www.charitywater.org
2) If you have a HTTP or HTTPS website, and your Fully Qualified Domain Name is a Level 4 then you can add the following ICR Meta Tag into the HTML Head section of your website homepage:
<meta name="icr" content="4" /> <link rel="icr" href="https://icr.chit.eu/check/www.charitywater.org" type="application/json" />
3) If you wish, also place a file called "ICR.json" in the website root folder:
{ "VerifyURL":"https://icr.chit.eu/check/www.charitywater.org" ,"Host":"www.charitywater.org" ,"Level":4,"Rating":"Clean" }
4) You can check if it is present using your web-browser and by trying to access: https://<your domain>/ICR.json (view ours)
5) If you wish, create a DNS TXT record (if your domain is a Level 6 change ";L=4;" to ";L=6;"):
v=icr1;L=4;V=icr.chit.eu/check/
We will automatically verify your site.
NOTE: until verified your site will be reported as Level 9
We support subdomains on your domain being for different target audiences. You may have kids.tv.com which can have a different Internet Content Rating to www.tv.com or talkshow.tv.com
6) You are encouraged to configure your web services to look for the HTTP Request Header "Max-Icr". If your site is a Level 5 and Max-Icr is set to 4, please return a HTTP Status Code 204 with no body content. The web browser will then know to direct the user to safety. If you have a .htaccess file, the simplest way to achieve this for a simple Level 5 website is to add the following:
RewriteEngine on RewriteCond %{HTTP:Max-Icr} ^(0|1|2|3|4)$ [NC] RewriteRule ^ - [R=204,L]
Our site is Level 4, so the following will return a 204 Status.
fetch("https://icr.chit.eu/" ,{headers: {"Max-Icr":"3", "method": "HEAD"}}) .then(t=>document.write(t.status));
7) So that a browser can know whether to display the body of a HTTP request, your web content can also have a HTTP Response Header "Content-Rating"
Content-Rating: v=icr1;L=4;V=icr.chit.eu/check/
scheme : // username : password @ host : port / path ? query # fragment
ICR gives a Rating at the "host" level
Some examples:
sftp://username:password@host:port/folder/ https://icr.chit.eu:443/CloudsHR.php?c1=1A1F36&c2=0A0F26 https://icr.chit.eu:443/#Using_the_ICR https://icr.chit.eu:443/
In these last three examples the "host" is: icr.chit.eu
Check our database directly by looking at https://icr.chit.eu/check/<domain name>
NOTE: Until verified it will show as Level 9.
If you are a parent, it is assumed that your device has "User Accounts" and your childs true age is entered in their account and you will have an Operating System, Browser, or Browser Extension looking for the ICR Level.
If you are an IT network manager for schools then it is assumed you'll have a block-all, allow-only-verified policy.
1) Download the JSON file from our server: https://icr.chit.eu/check/<domain name>
2) If the file does not exist, then assume Level 9, this site is not safe for a child
3) If the Level is appropriate for your user, then allow them access, else block their access
The HTTP Request Header "Max-Icr" can be sent by the browser. eg "Max-Icr: 4"
With this an ICR enabled web-server will send back the requested resource if it is Level 1-4.
If "Max-Icr: 1" and the FQDN is Level 4, then a HTTP Status Code 204 is returned without content.
https://icr.chit.eu/level/<your domain>
This returns a plain text single number in the range 1-125. Please do not call this more than once per 24 hours for the same domain; store the result on your server for at least 24 hours before checking with us again.
Example
curl https://icr.chit.eu/level/www.charitywater.org
Please use this If you think the Level for a domain is incorrect, or to have your installation automatically checked within a few minutes.
Client-side Javascript
fetch("https://icr.chit.eu/level/"+location.hostname).then(r=>r.text()) .then(t=>document.write(location.hostname+" is Level "+t));
Request the "check" with a html Accept header
fetch("https://icr.chit.eu/check/"+location.hostname ,{headers: {Accept:"text/html"}}) .then(r=>r.text()).then(t=>document.write(t));
Request the "check" with a JSON Accept header
fetch("https://icr.chit.eu/check/"+location.hostname ,{headers: {Accept:"application/json"}}) .then(r=>r.text()).then(t=>document.write(t));
$myicr=4; // the Rating for my FQDN $rhs=getallheaders(); if(isset($rhs['Max-Icr']) && is_numeric($rhs['Max-Icr'])){ if($rhs['Max-Icr']<$myicr){ http_response_code(204);exit; } }
If your FQDN is a Level 4, then you should block it for those only able to view Levels 1 to 3.
RewriteEngine on RewriteCond %{HTTP:Max-Icr} ^(1|2|3)$ [NC] RewriteRule ^ - [R=204,L]
If your FQDN is a Level 4, then you can have NGINX add the Content-Rating HTTP Response Header with the following line:
add_header Content-Rating "v=icr1;L=4;V=icr.chit.eu/check/";
As many as you like, but please bear in mind that it is the Domain Name that is Verified based on the most mature content on the site. Please do not submit the same website many times.
If a software writer, please check the domain and cache the result within your software for 48 hours. If you continuously check more than one domain per second our system will automatically firewall you for a period of time. If you need to be checking large volumes of checks please contact us regarding access to our API, or the possibility of obtaining a syncronised copy of the database.
An ICR for your domain is free of charge; it costs you nothing.
An ICR does not expire but we do regularly check websites for changes. A Rating can change at any time.
No, but if you feel that a Rating is incorrect please use our "Report URL" tool and the site will be reassessed typically within 12 hours.
7 independant members of the ICR community check each new FQDN. Until 5 members have assessed the FQDN you will have a Level 9 (Unknown). No, site can be Level 4 or less without 80% agreement. If over 70% agree that the FQDN is a Level 5 or 6 then a Level 6 will be issued. The actual rules are a little more complicated, but ICR is designed to keep the vulnerable safe. Periodically a FQDN is assigned for reassessment. If the Rating is then changed it is assessed by other members too, to ensure the Rating is accurate.
Simply use the "Report URL" tool and the site will be reassessed typically within 12 hours.
No, each subdomain has its own ICR. If you have multiple subdomains please submit each of them.
"Safe For All" can be accessed by anyone with very little risk of causing distress. It is not specifically designed for any particular age range. Advanced scientific topics may be covered. There will be no concept of Death, Harm, Violence, Swearing, Bad Behaviour, topics of Sexuality, Religion or Race.
"Under 7" is very similar to "Safe For All" but the content is specifically designed to entertain young children and hold their attention without parental supervision.
"Clean" has no Swearing, topics of Sexuality or Race, but may contain mild Violence / Accidental harm / bad behaviour or non-kind Religious beliefs. Content may not be understood by the young.
The purpose of ICR is to protect the vulnerable from inappropriate online content. Level 9 is a domain that we have not yet assessed; it may be a Level 8. Until Verified we report it as a Level 9 to highlight the uncertainty with the current Rating we are reporting.
Level 10+ are not for typical Internet users. Access to a Level 10+ content is for people with specialist hardware and technical knowledge / training, and brings risks well beyond the scope of ICR which is about protecting the vulnerable.
Levels 2 to 7
For a toddler with their first microwave device allow Levels 1 & 2. A primary school library should allow Levels 1-4. A college library computer Levels 1-6. A teacher may want Levels 1-7.
If your User account knows the Date of Birth of the user, then a maximum level of 2 should be used for someone under 7 years old. A level of 3 for someone 7 to 13 years. A 4 for someone 13 to 15. A default maximum level of 7 for someone 25+ but with the option to set to 8 or 9 (a web-developer needs Level 9).
Setting a Level of 9 is equivalent to "Protection Disabled" / "Off" / "Allow Anything"
In terms of fewer settings in your App, it would be sensible for you to consider Level 7+ (AdultTopics) as "ICR Disabled" for most applications; remember ICR is for the young or vulnerable so anyone wanting Level 7+ is beyond what ICR is for. Note how we have, with this answer, been deliberately contradictory / inconsistent. Anything Level 5 and above is grey in terms of a recommendation based on age.
Ideally Levels 1 to 7. If a Max-Icr HTTP Header is sent, the web-server would ideally return a 204 if the hosted content has a higher Rating.
If your site is a Level 1, then we will periodically test your web-server by sending a Max-Icr: 0 HTTP Request Header and look for a 204 response.