Traffic Encryption

Contentstack Launch ensures secure, encrypted connections for all deployments with built-in HTTPS and TLS support.

All deployments in Launch are served over HTTPS by default. Launch automatically provisions and manages secure SSL certificates to protect your applications. You can also bring your own certificate if needed.

Launch automatically redirects all incoming HTTP requests to HTTPS using the HTTP 308 Permanent Redirect status code.

This redirection is enforced and cannot be disabled, following industry best practices for secure content delivery. It helps protect end-user data and ensures privacy throughout the browsing experience.

Launch supports the following modern and secure versions of the Transport Layer Security (TLS) protocol to ensure data integrity and confidentiality:

• TLS 1.2
• TLS 1.3

To maintain broad client compatibility, Launch supports a wide set of cipher suites.

TLS 1.3:

• TLS_AES_128_GCM_SHA256
• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256

TLS 1.2:

• ECDHE-ECDSA-AES128-GCM-SHA256
• ECDHE-ECDSA-CHACHA20-POLY1305
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-RSA-CHACHA20-POLY1305
• ECDHE-ECDSA-AES256-GCM-SHA384
• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-ECDSA-AES128-SHA256
• ECDHE-RSA-AES128-SHA256
• ECDHE-ECDSA-AES256-SHA384
• ECDHE-RSA-AES256-SHA384

Note: This configuration follows Mozilla’s recommended cipher suite policy.