Gå direkt till innehållet

help.sitevision.se hänvisar alltid till senaste versionen av Sitevision

The Advanced

Advanced security

Do not touch these settings if do not know what they do! It can have great consequences on the website if you make a mistake!

Strict-Transport-Security

The purpose of this header is to force all requests to go over HTTPS regardless of what is specified in the links etc. This header sets a TTL, and whilst TTL applies, the browser will only retrieve pages from the domain via HTTPS, no matter what the link or "address bar" says.

Examples of headers:
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Check that the header is set in the response.

The setting is cached in the browser so if you have made a setting it will be saved in the visitor's browser.

Referrer-Policy

A referrer that allows a website to control how much information the browser contains with navigation removed from a document. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Content-Security-Policy

Header that instructs the visitor's browser from which sources resources can be retrieved. Find out more at https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP External link, opens in new window.

Currently used for online only

X-XSS-Protection

This header is a function used by Internet Explorer, Chrome & Safari that prevents pages from being loaded when they detect XSS attacks (cross-site scripting).

X-Content-Type-Options

Forcing browsers to trust our mime-types. Makes it impossible to make "drive-by-download" attacks via Sitevision.

This function requires you to have “Manage website settings” and "Manage developer functions" permissions.

The page published:

Did the information help you?

Contact us

Sitevision AB (headquarter)
Drottninggatan 18A
702 10 Orebro
Sweden

Info: +46 19-17 30 30
Support: +46 19-17 30 39

Follow us