Administration: Configure the HTTP response headers
Sitefinity CMS comes with a set of predefined headers. You can configure each header individually and turn each one on or off individually.
To configure the security headers, perform the following:
- In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
- In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
A list of the predefined headers appears.
- Click the header that you want to configure.
- Edit the Http header value input field or select the Disable checkbox.
NOTE: You can globally disable all security headers by navigating to Administration » Settings » Advanced » WebSecurity » HttpSecurityHeaders and selecting the Disable sending security headers in the http response checkbox. We do not recommend using this option.
- Save your changes.
For more information about the headers, see Predefined security headers in HTTP response.
NOTE: There are headers that support reporting. If you want to turn on the Content-Security-Policy-Report-Only or the Public-Key-Pins-Report-Only headers, you must disable the Content-Security-Policy and the Public-Key-Pins headers, respectively.
For more information, see Administration: Configure reporting.
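After saving the settings, you can confirm what the site actually sends by inspecting a captured response. The following is an added example, not Sitefinity code: it parses a raw header block (such as the output of `curl -sI`) and reports, for each reporting-capable header named above, whether the enforcing header, the Report-Only variant, both, or neither is present. The sample response and its `/csp-report` path are constructed for illustration.

```python
"""Classify the reporting-capable header pairs in a captured HTTP response."""

# Pairs named on the page: enforcing header -> its Report-Only variant.
PAIRS = {
    "content-security-policy": "content-security-policy-report-only",
    "public-key-pins": "public-key-pins-report-only",
}


def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw header block."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue                       # not a header line
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def classify(raw):
    """Map each enforcing header to 'enforce', 'report-only', 'both' or 'absent'."""
    headers = parse_headers(raw)
    result = {}
    for enforce, report in PAIRS.items():
        has_enforce = any(headers.get(enforce, []))   # empty value counts as not set
        has_report = any(headers.get(report, []))
        if has_enforce and has_report:
            result[enforce] = "both"
        elif has_enforce:
            result[enforce] = "enforce"
        elif has_report:
            result[enforce] = "report-only"
        else:
            result[enforce] = "absent"
    return result


# Constructed sample response, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
content-security-policy-report-only: default-src 'self'; report-uri /csp-report
X-Content-Type-Options: nosniff

"""

if __name__ == "__main__":
    for header, state in classify(SAMPLE).items():
        print(f"{header}: {state}")
```

A result of `both` means the response does not match the configuration described in the note above, where the enforcing header is disabled before its Report-Only variant is turned on.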