The Advanced
Do not touch these settings if do not know what they do! It can have great consequences on the website if you make a mistake!
Strict-Transport-Security
The purpose of this header is to force all requests to go over HTTPS regardless of what is specified in the links etc. This header sets a TTL, and whilst TTL applies, the browser will only retrieve pages from the domain via HTTPS, no matter what the link or "address bar" says.
Examples of headers:
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Check that the header is set in the response.
The setting is cached in the browser so if you have made a setting it will be saved in the visitor's browser.
Referrer-Policy
A referrer that allows a website to control how much information the browser contains with navigation removed from a document. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Content-Security-Policy
Header that instructs the visitor's browser from which sources resources can be retrieved. Find out more at https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
External link, opens in new window.
Currently used for online only
X-XSS-Protection
This header is a function used by Internet Explorer, Chrome & Safari that prevents pages from being loaded when they detect XSS attacks (cross-site scripting).
X-Content-Type-Options
Forcing browsers to trust our mime-types. Makes it impossible to make "drive-by-download" attacks via Sitevision.
This function requires you to have “Manage website settings” and "Manage developer functions" permissions.
The page published:
Print page
help.sitevision.se always refers to the latest version of Sitevision