Hi, could you please explain how I implement security headers in your proprietary webserver? According to https://securityheaders.com/, the URL to our monitoring server is missing the following headers: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, Referrer-Policy, Feature-Policy.
I am aware that there is an option to add headers, but I have no idea how.
Thank you! Dennis
Article Comments
Hi Birk,
It has been almost a year since I posted the question about the security headers. Is there any development in this matter? I hope this problem is taken seriously.
Kind regards, Dennis
Dec, 2020 - Permalink
Hi Dennis,
I'm afraid there is still no ETA for those changes yet. In order to push this further, you can give a vote for this feature request. I think it should fit your requirements.
Kind regards,
Birk Guttmann, Tech Support Team
Dec, 2020 - Permalink
Missing header related issues I have noticed as well.
As of 22.3.79 PRTG does include any content-type header when sending data via the HTTP Action. This leads to errors if the other party assumes the wrong content-type, which happens often since no-sniff should be enabled for security. This seems to be an oversight that could impact many potential integrations.
Oct, 2022 - Permalink
Hi there,
These headers will not be supported or integrated in the current web server of PRTG. We are working on a successor of the webserver and are making good progress there. Please bear with me that I cannot share any ETA for the final release yet.
You can also think of using a third-party reverse proxy server in between to adjust the HTTP headers to your needs in the meantime.
Kind regards,
Felix Saure, Tech Support Team
Oct, 2022 - Permalink
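One way to set up the reverse proxy suggested in the reply above, as an added example that is not part of the original thread or of PRTG's documentation: an nginx configuration that terminates TLS in front of the PRTG web server and adds the five headers named in the original question. The hostname, certificate paths, backend address and all header values are assumptions to adapt.

```nginx
# Added example. Placeholders (assumptions): prtg.example.com, certificate paths, 10.0.0.10.
server {
    listen 80;
    server_name prtg.example.com;
    # HSTS is only honoured over HTTPS, so plain HTTP just redirects.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name prtg.example.com;
    ssl_certificate     /etc/nginx/tls/prtg.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/prtg.example.com.key;

    # "always" attaches the header to 4xx/5xx responses as well as 2xx/3xx.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Feature-Policy is the name the scan reported; Permissions-Policy is its successor.
    add_header Feature-Policy "camera 'none'; microphone 'none'" always;
    add_header Permissions-Policy "camera=(), microphone=()" always;
    # Assumed starting policy, not a vendor-provided one. Test it against the web UI
    # first by sending it as Content-Security-Policy-Report-Only, then tighten.
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self'" always;

    location / {
        # Do not use add_header inside this block: a location that defines any
        # add_header stops inheriting the server-level headers above.

        # If the backend starts sending these itself, drop its copy so the
        # browser never receives two conflicting values.
        proxy_hide_header Strict-Transport-Security;
        proxy_hide_header Content-Security-Policy;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header Referrer-Policy;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://10.0.0.10:443;   # placeholder address of the PRTG server
    }
}
```

The headers only protect users who reach PRTG through the proxy, so restrict direct access to the backend port to the proxy host. Check the result with `curl -sI https://prtg.example.com/` or by re-running the scan against the proxy URL.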
Dear Felix,
We see that the last answer is from Oct 2022. We have the final version at the moment, and we requested a scan of the PRTG and it shows "Content Security Policy (CSP) Header Not Set".
Any chance that the update on the server can solve this without the need of a third party reverse proxy?
Best regards,
Apr, 2023 - Permalink
Dear Felix,
We see that this answer is from Oct 2020. Could you confirm whether you have an ETA for the final release? We got a scan on the PRTG Tools and it brings up that the CSP header is not set.
Best regards,
Apr, 2023 - Permalink
Hello,
We're making good progress with the new webserver. Unfortunately, there is no ETA we can share yet, pardon.
Kind regards,
Felix Saure, Technical Support Team
Apr, 2023 - Permalink
Hi Dennis,
Unfortunately it's not possible to implement additional security headers to the PRTG Web Server. This is planned for the future, but there is no release date for now.
Kind regards,
Birk Guttmann, Tech Support Team
Jan, 2019 - Permalink