Sitefinity CMS comes with a set of predefined security policies. The Web security module reads the configuration for each security policy and sets the value of the corresponding HTTP response headers. You can configure the security policies separately and you can turn them on and off separately.
To configure the security headers, perform the following:
NOTE: There are headers that support reporting. If you want to turn on the Content-Security-Policy-Report-Only or the Public-Key-Pins -Report-Only headers, you must disable the Content-Security-Policy and the Public-Key-Pins headers, respectively.
Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.
This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.
This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.
The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important