Umbraco Cloud
CMSHeartcoreDXPMarketplace
  • What is Umbraco Cloud?
  • Frequently asked questions
  • Security
    • Web Application Firewall
  • Sustainability Best Practices
  • Getting Started
    • Explore Umbraco Cloud
    • The Cloud Portal
      • Organizations
      • Sustainability Dashboard
    • Project Overview
    • Environments
    • Flexible Environments (beta)
    • Baselines
      • Baseline Merge Conflicts
      • Break Reference between Baseline and Child Project
      • Handling configuration files
      • Pushing Upgrades to a Child Project
    • Plans
    • Migrate to Umbraco Cloud
    • Repositories in a Cloud Project
    • Best Practice for Working in Teams
    • Migrate between regions
  • Set up
    • Ready to Set Up Your Project?
    • Working with a Local Clone
      • Legacy Umbraco Visual Studio Setup
    • Manage Environments
    • Project Settings
      • Managing Transport Security
      • CDN Caching and Optimizations
      • Dedicated Resources
      • Upgrade your Plan
      • Public Access
      • Managing Hostnames
        • New Certificate Authority for custom hostnames
        • Rewrite rules
        • Custom Certificates
      • Management API Security
      • Umbraco CI/CD Flow
        • Cloud API For CI/CD Flow
        • Configuring a CI/CD pipeline
          • Azure DevOps
          • GitHub Actions
        • Troubleshooting
        • Known Limitations and Considerations
      • External Services
      • Usage
        • Bandwidth
      • Availability and Performance
      • Team Members
        • Technical Contact
      • Secrets Management
      • Project History
    • Private NuGet Feed on Umbraco Cloud
    • Going Live
    • Media
    • External Login Providers
    • Azure Blob Storage
      • Connect to Azure Storage Explorer to upload files manually
      • Connect and Upload Files Programmatically to Azure Blob Storage
    • Users
    • Multi-Factor Authentication
    • Application Insights
    • Config Transforms
    • SMTP Settings
    • Payments
      • Subscription migration information and FAQ
    • Power Tools (Kudu)
      • View the Files on your Cloud Environments
      • Generate UDA files
      • Manually run Extractions on your Cloud Environments
  • Deployments
    • Deployment
    • Deploying between environments
    • Transferring Content, Media, Members, and Forms
    • Deploying Deletions
    • Deployment Webhook
    • Deploying Changes
    • Umbraco Forms on Cloud
    • Deploy Dashboard
    • Hotfixes
      • Apply hotfix by manually moving files
      • Apply hotfix by using Git
    • Restoring Content
      • Partial Restores
  • Databases
    • Keep Your Data Secure and Accessible
    • Working with databases
    • Database backups
    • Database
      • Connecting to the Database on Mac
    • Working with a Cloud database locally
  • Product Upgrades
    • Stay Up to Date with Umbraco Cloud
    • Product Upgrades
    • Major Upgrades
    • Minor Upgrades
    • Version Specific Upgrades
      • Migrate from Umbraco 8 to the latest version
      • Migrate from Umbraco 7 to Umbraco 8 on Umbraco Cloud
    • Upgrade your projects manually
      • Manual upgrade of Umbraco CMS
      • Manual upgrade of Umbraco Deploy
    • Dependencies on Umbraco Cloud
  • Troubleshooting
    • Resolve Issues Quickly and Efficiently
    • Troubleshooting FAQ
    • Log files
    • The Umbraco Backoffice
    • The Frontend
    • The Umbraco Cloud Portal
    • Site Performance checklist
    • Troubleshooting deployments
      • Extraction error: Config transforms failing
      • Extraction error: Data Type collisions
      • Dependency Exception
      • Merge Conflicts on Flexible Environments
      • Troubleshooting deployments failing with no error message
      • Troubleshooting duplicate dictionary items
      • Troubleshooting language mismatches
      • Path too long Exception
      • Schema Mismatches
      • How to resolve collision errors
      • Extraction error: "Type not found! "
    • Cloud Errors
  • Release Notes
    • Overview 2025
      • April 2025
      • March 2025
      • February 2025
      • January 2025
    • Overview 2024
      • December 2024
      • November 2024
      • October 2024
      • September 2024
      • August 2024
      • July 2024
      • May 2024
      • April 2024
      • March 2024
      • February 2024
      • January 2024
    • Overview 2023
      • December 2023
      • October 2023
      • September 2023
      • August 2023
      • June 2023
      • May 2023
      • April 2023
      • March 2023
      • February 2023
      • January 2023
    • Overview 2022
      • December 2022
      • November 2022
      • September 2022
      • August 2022
      • June 2022
      • May 2022
      • April 2022
      • March 2022
      • February 2022
      • January 2022
Powered by GitBook
On this page
  • HTTP/2 Explained
  • TLS 1.3 Explained
  • Minimum TLS Version Explained
  • WAF Explained
  • Plan specific features
  • Security subpage
  • Cipher Suite Management

Was this helpful?

Edit on GitHub
Export as PDF
  1. Set up
  2. Project Settings

Managing Transport Security

Once you have added your custom hostnames to your Umbraco Cloud project, it's possible to configure certain transport security options for all or specific custom hostnames within your project. These security options all relate to the traffic that goes through your hostname from the origin (Umbraco Cloud) to the end-user - meaning the protocols and encryption used to transport your website and assets from the webserver to the browser.

Currently, these options are available:

  • HTTP/2 (default: on)

  • TLS 1.3 (default: off)

  • Minimum TLS Version (default: 1.2)

  • Web Application Firewall (WAF) (default: on)

When a new custom hostname is added to a Project it will have the default settings applied. But you can change the defaults for your Project, so new custom hostnames will get the default settings you have chosen.

HTTP/2 Explained

The first usable version of HTTP was created in 1997. Because it went through different stages of development, this first version of HTTP was called HTTP/1.1. This version is still in use on the web. In 2015, a new version of HTTP called HTTP/2 was created. HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, Umbraco Cloud will take full advantage of HTTP/2 performance benefits end to end. For older browsers or non-HTTPS requests, the traffic will fall back to HTTP/1.1. You don’t need to choose between better performance and backward compatibility, which is why HTTP/2 is enabled by default for all new custom hostnames added to a Umbraco Cloud project.

TLS 1.3 Explained

Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and your website. When web traffic is encrypted with TLS, users will see the green padlock in their browser window. By turning on the TLS 1.3 option, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients. TLS 1.3 protocol has improved latency over older versions, has several new features, and is currently supported in both Chrome (starting with release 66), Firefox (starting with release 60), and in development for Safari and Edge browsers.

Minimum TLS Version Explained

The minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3.

WAF Explained

Plan specific features

Access to the different options varies depending on the Umbraco Cloud plan your project is on. Currently, the features are available as follows:

  • Starter: HTTP/2

  • Standard: HTTP/2, TLS 1.3, Minimum TLS Version

  • Professional: HTTP/2, TLS 1.3, Minimum TLS Version

Security subpage

Click Security from the Settings dropdown on your Umbraco Cloud Project. The Security settings are scoped per environment, so if you have multiple environments and add your custom hostnames to different environments you can select the environment at the top of the page.

Aside from the environments, the Security page is divided into 'Default Settings' and 'Hostname Specific Settings'. Use the Default Settings to configure what should be applied to new and existing custom hostnames by default.

If you want to have different security options for different custom hostnames, then select the custom hostname under Hostname Specific Settings and adjust the options for that specific hostname. This might be useful if you want to test the different options on another custom hostname than your primary hostname.

Cipher Suite Management

On the security page, it's possible to enable or disable the different cipher suites for your project.

Enabling or disabling the different ciphers can be done under the minimum TLS version in the Ciphers drop-down:

Like the other Hostname Specific Settings, you can enable/disable specific ciphers for your custom hostname based on your needs.

PreviousProject SettingsNextCDN Caching and Optimizations

Last updated 4 months ago

Was this helpful?

A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. Common attacks like cross-site scripting, SQL injection, and file inclusion are mitigated by acting as a shield between the web application and potential threats. For more detailed information, please refer to our .

WAF section
Security Settings Umbraco Cloud
Hostname Specific settings
Enable or disable Cipher Suites for your project.