help.sitevision.se always refers to the latest version of Sitevision
The Advanced
Do not touch these settings if you do not know what they do! A mistake can have serious consequences for the website!
Strict-Transport-Security
The purpose of this header is to force all requests to go over HTTPS regardless of what is specified in links etc. The header sets a TTL, and while the TTL applies, the browser will only retrieve pages from the domain via HTTPS, no matter what the link or address bar says.
Examples of headers:
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Check that the header is set in the response.
The setting is cached in the browser, so once you have set the header, it remains saved in the visitor's browser.
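One way to check the header offline, as an added example (not Sitevision's own code): it parses a pasted response header block and reports problems with Strict-Transport-Security. The function names and sample responses are constructed for illustration, and the preload rule is an assumption taken from the hstspreload.org submission requirements, not from this page.

```python
PRELOAD_MIN_AGE = 31536000  # one year, as in the page's examples

def parse_headers(raw):
    """Raw header block (e.g. pasted from `curl -sI`) -> dict with lower-case names."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    max_age, subs, preload = None, False, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isascii() and arg.isdigit() else None
        elif name == "includesubdomains":
            subs = True
        elif name == "preload":
            preload = True
    return max_age, subs, preload

def audit_hsts(raw, scheme="https"):
    """List the problems found with the HSTS header in a raw response."""
    value = parse_headers(raw).get("strict-transport-security")
    if value is None:
        return ["header missing"]
    findings = []
    if scheme != "https":
        findings.append("sent over plain HTTP: browsers ignore the header")
    max_age, subs, preload = parse_hsts(value)
    if max_age is None:
        findings.append("max-age missing or invalid: header is ignored")
    elif max_age == 0:
        findings.append("max-age=0: browser drops its cached policy")
    # Assumption, not from the page: hstspreload.org submission requirements.
    if preload and not (subs and (max_age or 0) >= PRELOAD_MIN_AGE):
        findings.append("preload needs includeSubDomains and max-age >= 31536000")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
WEAK = "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=3600; preload\r\n"

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_hsts(raw) or "ok")
```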
Referrer-Policy
A header that allows a website to control how much information the browser includes with navigations away from a document. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Content-Security-Policy
Header that instructs the visitor's browser from which sources resources can be retrieved. Find out more at https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Currently used for online only
X-XSS-Protection
This header is a function used by Internet Explorer, Chrome & Safari that prevents pages from being loaded when they detect XSS attacks (cross-site scripting).
X-Content-Type-Options
Forces browsers to trust our MIME types. This makes it impossible to carry out "drive-by-download" attacks via Sitevision.
This function requires you to have “Manage website settings” and "Manage developer functions" permissions.