You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.

By default this is enabled since release 16.0 and onwards. For previous releases it was disabled by default.

By default this is enabled.

To disable:

application.properties
blueriq.security.strict-transport-security.enabled=false

To enable again:

application.properties
blueriq.security.strict-transport-security.enabled=true

Frontend Deployment

Security headers generated by the Runtime are only applied to pages that are served from the Runtime itself. In case the Blueriq Frontend is served from a CDN or via Reverse Proxy these headers will need to be configured from the CDN or Reverse Proxy, for the headers to be applied.