Article number: 301787
Last updated: 15 August 2019

Domains

Sitekit CMS can manage all your domains and sub-domains.

Add a domain

  1. Click Domains in the Configure tab.
  2. Type the domain name into the text box at the bottom-left of the table, excluding http:// (e.g. www.newdomain.co.uk)
  3. Set the desired configuration (see configuration options, below).
  4. Click Add. The new domain is added to the list.

Domain configuration options

  • Make master
    Set as the master domain when the configuration is saved.
  • Folder
    Non-configurable, states which folder in the asset tree the domain is applied to.
  • Index
    Search engines will index pages and files visited via the domain.
  • Follow
    Search engines will visit ("crawl") links on the pages they visit via the domain.
  • Subweb
    Used to create a subsite on the main site with a distinct domain. Content can only be retrieved from the asset tree folder that the domain is applied to. NB: This will only function if Use Web Standard URLs is enabled in Site Settings. There are limitations to subsites. Once created, the domain can be associated with the respective folder via folder properties.
  • SSL
    This should ONLY be checked if you have a valid SSL (https) security certificate for this domain. When checked, all content retrieved via the domain is served securely (https). The CMS's automatic redirection from http to https is a permanent 301 redirect.
  • 301 Redirect To
    Enter a web address to configure the domain to redirect all traffic to it.
  • P3P Compact
    See W3C: Compact Policies
  • HSTS (11.2)
    HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click-through prompts on browsers.
    • The input is the expiry period of the header, in seconds.
    • -1 (default value) means HSTS is disabled.
    • 0 or above enables HSTS.
    • The header is ignored when a visitor accesses the site via an HTTP connection.
    • The header takes effect when the site is visited via HTTPS. From that point on, the browser redirects HTTP to HTTPS until the header expiry time has passed, at which point it checks whether HSTS is still enabled and, if so, resets the header expiry period.
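
To confirm what a domain actually sends after the HSTS value is saved, the following added example (not Sitekit code) classifies a response by its scheme and its Strict-Transport-Security header. It assumes the CMS value becomes the header's max-age directive and that a domain left at -1 sends no header; the one-year floor and the status names are also assumptions. Note that under RFC 6797 a max-age of 0 tells the browser to drop any stored policy for the host.

```python
import re
MIN_MAX_AGE = 31536000  # assumption: one year, used here as the "long enough" floor

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means browsers would ignore it."""
    max_age, seen = None, []
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen.append(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
    if max_age is None:  # max-age is the one required directive
        return None
    return {"max_age": max_age, "include_subdomains": "includesubdomains" in seen}

def audit(scheme, headers):
    """Classify one response by scheme and its headers (dict of name -> value)."""
    if scheme.lower() != "https":
        return "ignored-over-http"  # the header has no effect on plain HTTP
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return "missing"  # assumed result of leaving the domain at -1
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "policy-cleared"  # browser forgets the host's HSTS policy
    if policy["max_age"] < MIN_MAX_AGE:
        return "too-short"
    return "ok"

# Constructed sample responses (not captured from a real site).
SAMPLES = [
    ("http", {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {}),
    ("https", {"strict-transport-security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": "max-age=300"}),
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]
if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit(scheme, headers))
```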

References:
https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
https://www.owasp.org/index.php/Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-007)
