Article number: 301787

Domains

Sitekit CMS can manage all your domains and sub-domains.

Add a domain

  1. Click Domains in the Configure tab.
  2. Type the domain name into the text box at the bottom-left of the table, excluding http:// (e.g. www.newdomain.co.uk).
  3. Set the desired configuration (see configuration options, below).
  4. Click Add. The new domain is added to the list.

Domain configuration options

  • Make master
    Set as the master domain when the configuration is saved.
  • Folder
    Non-configurable; states which folder in the asset tree the domain is applied to.
  • Index
    Search engines will index pages and files visited via the domain.
  • Follow
    Search engines will visit ("crawl") links on a page they visit via the domain.
  • Subweb
    Used to create a subsite on the main site with a distinct domain. Content can only be retrieved from the asset tree folder that the domain is applied to. NB: This will only function if Use Web Standard URLs is enabled in Site Settings. There are limitations to subsites. Once created, the domain can be associated with the respective folder via folder properties.
  • SSL
    This should ONLY be checked if you have a valid SSL (https) security certificate for this domain. When checked, all content retrieved via the domain is served securely (https). The CMS automatic redirection from http to https is a permanent 301 redirect.
  • 301 Redirect To
    Enter a web address to configure the domain to redirect all traffic to it.
  • P3P Compact (removed V12.0)
    See W3C: Compact Policies
  • HSTS (V11.2)
    • On the domains screen a new column has been added for HSTS.
    • The column input takes a value in seconds for max-age.
    • -1 means no header is added.
    • 0 or above includes the header.
    • The header is only output on front-end sites when the request is made over HTTPS.

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click-through prompts on browsers.
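The following is an added example, not Sitekit code: it models the HSTS column rules listed above and audits a response header observed on a domain against the configured value. The function names and sample observations are constructed for illustration, and it assumes the header carries the column value as its max-age directive.

```python
# Added example: models the documented HSTS column rules and audits an
# observed Strict-Transport-Security header. All names here are hypothetical.

def expected_hsts(setting: int, scheme: str):
    """Header value the documented rules imply, or None when no header is expected."""
    if setting < 0 or scheme.lower() != "https":  # -1 = no header; HTTP never gets it
        return None
    return f"max-age={setting}"

def parse_max_age(header_value: str):
    """Extract max-age (seconds) from a Strict-Transport-Security value, else None."""
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            value = value.strip().strip('"')
            return int(value) if value.isdecimal() else None
    return None

def audit(setting: int, scheme: str, observed):
    """Compare an observed header (str or None) with the configured column value."""
    if expected_hsts(setting, scheme) is None:
        return "ok: no header expected" if observed is None else "unexpected header"
    if observed is None:
        return "missing header"
    max_age = parse_max_age(observed)
    if max_age != setting:
        return f"mismatch: configured {setting}, observed {max_age}"
    if max_age == 0:
        # RFC 6797: max-age=0 tells the browser to drop its stored HSTS policy.
        return "ok, but max-age=0 clears HSTS in the browser"
    return "ok"

if __name__ == "__main__":
    # Constructed sample observations: (column value, scheme, header seen)
    samples = [
        (31536000, "https", "max-age=31536000"),
        (31536000, "http", None),
        (-1, "https", None),
        (0, "https", "max-age=0"),
        (31536000, "https", None),
    ]
    for setting, scheme, observed in samples:
        print(setting, scheme, "->", audit(setting, scheme, observed))
```

Note that a value of 0 still emits the header, but browsers treat max-age=0 as an instruction to forget any HSTS policy already stored for the domain.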

References:
https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
https://www.owasp.org/index.php/Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-007)
