Do you use HTTPS everywhere? Have you deployed HSTS on your server?Last Updated: August 20, 2019
As you may have noticed, the header HTTP-Strict-Transport-Security (HSTS) is not enforced on our web application. You can use app.forestadmin.com through HTTP and HTTPS depending on the Forest environment (e.g., development, staging, production).
Very often, your development environment such as localhost:3000 does not have an HTTPS configuration. This is why we make the HTTP protocol available.
On a Forest production environment, we highly recommend that you use an HTTPS application endpoint (otherwise you’ll see a warning) to get HTTPS enforced on app.forestadmin.com