IMPORTANT: This version of Sitefinity CMS is out of support and the respective product documentation is no longer maintained and can be outdated. Use the version selector to view a supported product version.

Administration: Configure the HTTP response headers

Sitefinity CMS come with a set of predefined headers. You can configure them separately and you can turn them on and off separately.

To configure the security headers, perform the following:

In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
A list of the predefined headers appear.
Click the header that you want to configure.
Edit the Http header value input field or select Disable checkbox.
NOTE: You can globally disable all security headers, by navigation to Administration » Settings » Advanced » WebSecurity » HttpSecurityHeaders and selecting Disable sending security headers in the http response checkbox. We do not recommend using this option.
Save your changes.

For more information about the headers, see Predefined security headers in HTTP response

NOTE: There are headers that support reporting. If you want to turn on the Content-Security-Policy-Report-Only or the Public-Key-Pins -Report-Only headers, you must disable the Content-Security-Policy and the Public-Key-Pins headers, respectively.
For more information, see Administration: Configure reporting.

Next: Predefined security headers in HTTP response

Was this article helpful?

Yes No

Administration: Configure the HTTP response headers

Was this article helpful?

Would you like to submit additional feedback?

Additional resources

External links