
Advanced security

Do not touch these settings if you do not know what they do! A mistake can have serious consequences for the website!

Strict-Transport-Security

The purpose of this header is to force all requests to go over HTTPS, regardless of what the links specify. The header sets a TTL, and while the TTL applies, the browser retrieves pages from the domain only via HTTPS, no matter what the link or address bar says.

Examples of headers:
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Check that the header is set in the response.

The setting is cached in the visitor's browser, so a value you have set remains stored there.

Referrer-Policy

A header that allows a website to control how much referrer information the browser includes with navigations away from a document. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Content-Security-Policy

Header that instructs the visitor's browser from which sources resources can be retrieved. Find out more at https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Currently used for online only

X-XSS-Protection

This header controls a function in Internet Explorer, Chrome & Safari that prevents pages from being loaded when the browser detects an XSS (cross-site scripting) attack.

X-Content-Type-Options

Forces browsers to trust the MIME types we declare. This makes "drive-by download" attacks via Sitevision impossible.

This function requires you to have the "Manage website settings" and "Manage developer functions" permissions.
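
An added example, not Sitevision's own code: a Python check for the "Check that the header is set in the response" step, run against a constructed sample response. It reports which of the headers described on this page are missing and parses the Strict-Transport-Security directives; the function names and sample values are assumptions.

```python
# Added example: audit a response for the headers described on this page.
# SAMPLE_RESPONSE is constructed for illustration, not captured from a real site.
from email.parser import Parser

EXPECTED = ["Strict-Transport-Security", "Referrer-Policy", "Content-Security-Policy",
            "X-XSS-Protection", "X-Content-Type-Options"]

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Drop the status line and parse the header block (names are case-insensitive)."""
    _, _, block = raw.partition("\r\n")
    return Parser().parsestr(block, headersonly=True)

def parse_hsts(value):
    """Split an HSTS value into max-age (seconds) and its two optional flags."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            result["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result

def audit(raw):
    """Return the parsed HSTS policy and a list of findings for one response."""
    headers = parse_headers(raw)
    hsts = parse_hsts(headers.get("Strict-Transport-Security", ""))
    findings = [f"missing: {h}" for h in EXPECTED if headers.get(h) is None]
    if hsts["max_age"] is None:
        findings.append("HSTS: no valid max-age, browsers ignore the header")
    elif hsts["max_age"] == 0:
        findings.append("HSTS: max-age=0 removes the cached policy")
    return hsts, findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RESPONSE), sep="\n")
```

To check a live site, pass the raw status line and header block of a response from your own domain to audit() in place of the sample.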

Page published: 2019-02-28
