You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) is a enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
By default this is enabled since release 16.0 and onwards. For previous releases it was disabled by default.
By default this is enabled.
To disable:
blueriq.security.strict-transport-security.enabled=false
To enable again:
blueriq.security.strict-transport-security.enabled=true
Frontend Deployment
Security headers generated by the Runtime are only applied to pages that are served from the Runtime itself. In case the Blueriq Frontend is served from a CDN or via Reverse Proxy these headers will need to be configured from the CDN or Reverse Proxy, for the headers to be applied.