Sitefinity CMS come with a set of predefined headers. You can configure them separately and you can turn them on and off separately.
To configure the security headers, perform the following:
NOTE: You can globally disable all security headers, by navigation to Administration » Settings » Advanced » WebSecurity » HttpSecurityHeaders and selecting Disable sending security headers in the http response checkbox. We do not recommend using this option.
For more information about the headers, see Predefined security headers in HTTP response
NOTE: There are headers that support reporting. If you want to turn on the Content-Security-Policy-Report-Only or the Public-Key-Pins -Report-Only headers, you must disable the Content-Security-Policy and the Public-Key-Pins headers, respectively.
For more information, see Administration: Configure reporting.
Back To Top
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important
Copyright © 2022 Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.
Progress, Telerik, Ipswitch, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.
Powered by Progress Sitefinity