Configure reporting

Overview

PREREQUISITES: To activate reporting, perform the following:
  1. Make sure the Diagnostics module is turned on.
    For more information, see Performance Diagnostics module.
  2. Make sure the Http Headers profiler is running.
    To do this, navigate to Administration » Diagnostics » Profilers.

NOTE: The following headers are preconfigured for reporting. You can change the reporting URI or leave the default value.
The default report URI used by the diagnostics HTTP headers profiler is /Sitefinity/Frontend/Diagnostics/HttpHeadersReport

Configure the reporting headers

To configure the reporting headers, perform the following:

  1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
  2. In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
    A list of the predefined headers appears. Locate the Content-Security-Policy-Report-Only or Public-Key-Pins-Report-Only headers.
  3. Click the header that you want to configure.
  4. Edit the HTTP header value input field or select the Disable checkbox.

Configure the Content-Security-Policy-Report-Only header

If you do not want to control the resources used, but only get a report, perform the following:
  1. Disable the Trusted sources security policy. For more information, see Configure the security policies and HTTP response headers.
  2. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
  3. In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
  4. Locate the Content-Security-Policy-Report-Only header and click on it.
  5. Uncheck the Disable checkbox.
  6. Configure the response URI of the header in the Http header value field.
  7. Save your changes.

Configure the Public-Key-Pins-Report-Only header

Perform the following:
  1. Disable the Public keys for web servers security policy. For more information, see Configure the security policies and HTTP response headers.
  2. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
  3. In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
  4. Locate the Public-Key-Pins-Report-Only header and click on it.
  5. Uncheck the Disable checkbox.
  6. Configure the response URI of the header in the Http header value field.
  7. Save your changes.

Configure the X-XSS-Protection header

Perform the following:

  1. Enable the Enable prevention of cross-scripting attack security policy. For more information, see Configure the security policies and HTTP response headers.
  2. Configure the response URI of the header in the Http header value field.

    NOTE: The value 1, entered in the field before the response URI, means that all attacks will be blocked and reported to the configured URI.
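
To confirm that the three headers configured above are actually served with a reporting endpoint, the following added example (not Sitefinity code) parses each header's own reporting syntax and compares the endpoint with the default report URI from this page. The sample header values, the placeholder pin and the example.test host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Default report URI stated on this page.
DEFAULT_REPORT_URI = "/Sitefinity/Frontend/Diagnostics/HttpHeadersReport"

# Each header names its reporting endpoint with a different directive.
REPORT_KEY = {
    "content-security-policy-report-only": "report-uri",  # report-uri <uri> ...
    "public-key-pins-report-only": "report-uri",          # report-uri="<uri>"
    "x-xss-protection": "report",                         # 1; report=<uri>
}
_DIRECTIVE = re.compile(r"^([\w-]+)(?:\s*=\s*|\s+)?(.*)$", re.S)

def report_uris(header_name, value):
    """Return the reporting URIs declared in one header value."""
    key = REPORT_KEY[header_name.lower()]
    uris = []
    for part in value.split(";"):
        m = _DIRECTIVE.match(part.strip())
        if m and m.group(1).lower() == key:
            uris += [u.strip('"') for u in m.group(2).split()]
    return uris

def audit(headers, expected=DEFAULT_REPORT_URI):
    """Map each reporting header to 'ok' or the reason it will not report as expected."""
    present = {k.lower(): v for k, v in headers.items()}
    result = {}
    for name in REPORT_KEY:
        if name not in present:
            result[name] = "header absent"
            continue
        uris = report_uris(name, present[name])
        if not uris:
            result[name] = "no reporting URI"
        elif any(urlsplit(u).path == expected for u in uris):
            result[name] = "ok"
        else:
            result[name] = "reports elsewhere: " + ", ".join(uris)
    return result

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Content-Security-Policy-Report-Only": "default-src 'self'; report-uri " + DEFAULT_REPORT_URI,
    "Public-Key-Pins-Report-Only": 'pin-sha256="PLACEHOLDER="; max-age=5184000',
    "X-XSS-Protection": "1; report=https://example.test" + DEFAULT_REPORT_URI,
}

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header}: {status}")
```

A header that is served without a reporting directive produces no entries under HTTP headers warnings, so "no reporting URI" is the result to look for after changing the Http header value field.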

View reports

After you have configured one or more headers to report activity, you can view the reports.
Perform the following:

  1. In Sitefinity CMS backend, navigate to Administration » Diagnostics.
  2. In the left pane, click HTTP headers warnings.
    A list of warnings appears.
  3. To check the details, click the View details link of the respective warning.
