Applies to Product - Power Pages
What’s happening?
Customer is looking for assistance with implementing HTTP Strict Transport Security (HSTS) on their Power Pages sites.
Reason:
The Power platform uses HSTS as part of its default security headers, which helps protect websites against protocol downgrade attacks and cookie hijacking. The implementation of HSTS is crucial for securing web applications against various security risks.
Resolution:
- The Power platform is designed with a comprehensive security framework that includes the implementation of HTTPS to encrypt traffic between the client and the server.
- HSTS is automatically included in the default security headers of the Power platform, ensuring that web applications leverage modern security practices without requiring manual configuration.
- For further guidance on implementing HSTS, refer to the resource provided: GlobalSign HSTS Guide.
- If additional information is needed, review the security white papers related to the Power platform for detailed architecture and security features.
