Do not touch these settings if you do not know what they do! A mistake can have serious consequences for the website!
The purpose of this header is to force all requests to go over HTTPS, regardless of what is specified in links and so on. The header sets a TTL, and while the TTL applies the browser will only retrieve pages from the domain via HTTPS, no matter what the link or the address bar says.
Examples of headers:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Check that the header is set in the response.
The setting is cached in the browser, so once you have set it, it stays saved in the visitor's browser.
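As an added example, not from the original page or from Sitevision: Python that pulls the header out of a response, parses it, and works out whether a browser that cached it would still force HTTPS. The sample response, the host names under example.test and the function names are constructed for illustration.

```python
import re

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

def hsts_value(raw_response):
    """Return the Strict-Transport-Security value from a raw response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload), or None when max-age is
    missing, repeated or not a number."""
    max_age, flags = None, set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not re.fullmatch(r"\d+", arg):
                return None
            max_age = int(arg)
        else:
            flags.add(name)                       # directive names are case-insensitive
    if max_age is None:
        return None
    return max_age, "includesubdomains" in flags, "preload" in flags

def https_forced(policy, seconds_since_response, host, policy_host):
    """True if a browser that cached `policy` from `policy_host` would still
    upgrade a request to `host` this many seconds later."""
    if policy is None:
        return False
    max_age, include_subdomains, _ = policy
    if seconds_since_response >= max_age:         # TTL expired (max-age=0 clears it)
        return False
    if host == policy_host:
        return True
    return include_subdomains and host.endswith("." + policy_host)
```

Without includeSubDomains the cached policy covers only the exact host that sent the header, which is why the last function takes both host names.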
A header that allows a website to control how much information the browser includes with navigations away from a document. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Header that instructs the visitor's browser from which sources resources can be retrieved. Find out more at https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Currently used for online only
This header controls a feature in Internet Explorer, Chrome & Safari that stops pages from loading when the browser detects an XSS (cross-site scripting) attack.
Forces browsers to trust our MIME types. This makes it impossible to carry out "drive-by-download" attacks via Sitevision.
This function requires you to have "Manage website settings" and "Manage developer functions" permissions.
The page published: 2019-02-28