Do you use HTTPS everywhere? Have you deployed HSTS on your server?Last Updated: December 19, 2019
As you may have noticed, the header HTTP-Strict-Transport-Security (HSTS) is not enforced on our web application. You can use app.forestadmin.com through HTTP and HTTPS depending on the Forest environment (e.g., development, staging, production).
Very often, your development environment such as localhost:3000 does not have an HTTPS configuration. This is why we make the HTTP protocol available.
On your Forest production environment, we require that you use an HTTPS application endpoint (otherwise you’ll see a warning) to get HTTPS enforced on app.forestadmin.com