Activate and deactivate the Web security module

In your Sitefinity CMS backend, navigate to Administration » Modules & Services and activate the Web security module.

By default, the Web security module state is as follows:

New projects
By default, new projects have the Web security module turned on.
Upgraded projects
By default, upgraded projects have the Web security module turned off.
To use its features, you must activate the module.

IMPORTANT: Turning on Web Security module and security HTTP response Headers on a running site may cause content to be blocked by the browser. You have to configure the restrictions for your site – for example, which external sources are trusted and to allow loading resources from them.

Additional resources

OWASP: Security headers

External

List of HTTP security headers

External

Check your website headers

External

Want to learn more?

Enhance your Sitefinity skills by enrolling in free training sessions. Become Sitefinity certified through Progress Education Community to strengthen your professional credentials.

Get started with Integration Hub | Sitefinity Cloud

This free lesson teaches administrators, marketers, and other business professionals how to use Sitefinity Integration Hub to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting your Sitefinity instance and your sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity ASP.NET Core and take advantage of its decoupled architecture and modern development model.