Set Your HTTP and Password Reset Security

Choose how secure you want your HTTP/HTTPS and password reset requests to be

Written by Ania Kwak
Updated over 3 weeks ago

For those who want more control over their LemonadeLXP's security, you can customize your HTTP and password reset settings to suit your needs.

To customize them, log in as an admin, then:

  • SELECT "SETTINGS"

  • SELECT "Config"

Menu bar Settings/Config highlighted

Scroll down the first page until you reach the section titled "Security Settings":

Security Settings

Before moving forward, it's important to note that all traffic will be strictly routed through HTTPS.

Example:
If a user tries to access http://example.com, they will be automatically redirected to https://example.com to ensure a secure connection.

HTTP Strict Transport Security (HSTS)

Turning on this setting makes LemonadeLXP enforce strict transport security for your website: HSTS tells browsers to connect to your site only over HTTPS. Think of it like adding extra locks and security systems to protect your home from intruders, except in this case it's protecting your website from cyber threats.


Referrer Policy Header

This setting controls how much information is shared when users click links from your LemonadeLXP site to other websites. You can choose to hide all details, share only limited information, or allow full visibility. Select the option that suits your needs and SAVE your changes.

Referrer Policy Header drop-down menu showing all available options
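
After saving these settings, you can confirm they took effect by inspecting the response headers your site returns. The following is an added example, not LemonadeLXP code: the function names and the sample responses are constructed for illustration, and the checks cover the HTTPS redirect, the HSTS header, and the Referrer-Policy header described above.

```python
from urllib.parse import urlsplit

# Referrer-Policy values defined by the W3C Referrer Policy specification.
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a directive dict."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def audit(http_resp, https_resp, host):
    """Return findings for (status, headers) pairs; headers use lower-case names."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308) or target.scheme != "https" or target.hostname != host:
        findings.append("plain HTTP is not redirected to HTTPS on the same host")
    _, headers = https_resp
    hsts = parse_hsts(headers.get("strict-transport-security", ""))
    if not hsts.get("max-age", "").isdecimal() or int(hsts["max-age"]) == 0:
        findings.append("HSTS header missing or max-age is zero")
    # Simplification: when several policies are listed, only the last is checked.
    policy = headers.get("referrer-policy", "").split(",")[-1].strip().lower()
    if policy not in REFERRER_POLICIES:
        findings.append("Referrer-Policy missing or not a recognised value")
    elif policy == "unsafe-url":
        findings.append("Referrer-Policy sends full URLs to other sites")
    return findings

# Constructed sample responses (not captured from a real LemonadeLXP site).
HTTP_SAMPLE = (301, {"location": "https://example.com/"})
HTTPS_GOOD = (200, {"strict-transport-security": "max-age=31536000; includeSubDomains",
                    "referrer-policy": "strict-origin-when-cross-origin"})
HTTPS_WEAK = (200, {"referrer-policy": "unsafe-url"})

if __name__ == "__main__":
    print(audit(HTTP_SAMPLE, HTTPS_GOOD, "example.com"))
    print(audit(HTTP_SAMPLE, HTTPS_WEAK, "example.com"))
```

To run it against your own site, replace the sample tuples with the status code and headers returned by a request to your LemonadeLXP domain over `http://` and `https://`.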

Password Reset Settings

Perform browser fingerprinting during password change requests

Enabling this option will require users to submit and complete their password change request using the same browser.

For example: if a user initiates the reset using Internet Explorer, then opens the emailed reset link in Chrome, the reset will not work. The user must open the reset link in the same browser for it to work; in this case, Internet Explorer.

Perform IP validation during password change requests

Enabling this setting will ensure users start and complete their password reset request from the same location/device.

For example: should a user start the reset process on their personal computer, then attempt to complete it on their company computer, it will not work! They must either start and finish on their personal computer, or start and finish on their company computer.
