What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Implement security headers

Votes:

3

Hi, Could you please explain how I implement security headers in your proprietary webserver. According to https://securityheaders.com/ our url to our monitoring server is missing the following headers. Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, Referrer-Policy, Feature-Policy

I am aware that there is an option to add headers, but I have no idea how.

Thank you! Dennis

hsts securityheaders webserver x-frame

Created on Jan 15, 2019 8:33:57 AM



Best Answer

Accepted Answer

Votes:

0

Hi there,

These Headers will not be supported or integrated in the current web server of PRTG. We are working on a successor of the webserver an are making good progress in there. Please bear with me that I cannot share any ETA for the final release yet.

​You can also think of using a third party reverse proxy server inbetween to adjust the HTTP headers to your needs in the meantime.

Kind regards,
Felix Saure, Tech Support Team

Created on Oct 20, 2022 11:25:24 AM by Felix Saure [Paessler Support]



8 Replies

Votes:

0

Hi Dennis,

Unfortunately it's not possible to implement additional security headers to the PRTG Web Server. This is planned for the future, but there is no release date for now.

Kind regards,
Birk Guttmann, Tech Support Team

Created on Jan 16, 2019 2:46:49 PM by Birk Guttmann [Paessler Support]



Votes:

0

Hi Birk,

It has been a almost a year since I posted the question about the security headers. Is there any development in this matter? I hope this problem is taken seriously.

Kind regards, Dennis

Created on Dec 21, 2020 7:17:37 AM



Votes:

0

Hi Dennis,

I'm afraid, there is still no ETA for those changes yet. In order to push this further, you can give a vote for this feature request. I think it should fit your requirements.

Kind regards,
Birk Guttmann, Tech Support Team

Created on Dec 21, 2020 9:32:57 AM by Birk Guttmann [Paessler Support]



Votes:

0

Missing header related issues I have noticed as well.

As of 22.3.79 PRTG does include any content-type header when sending data via the HTTP Action. This leads to errors if the other party assumes the wrong content-type, which happens often since no-sniff should be enabled for security. This seems to be an oversight that could impact many potential integrations.

Created on Oct 19, 2022 7:50:29 PM



Accepted Answer

Votes:

0

Hi there,

These Headers will not be supported or integrated in the current web server of PRTG. We are working on a successor of the webserver an are making good progress in there. Please bear with me that I cannot share any ETA for the final release yet.

​You can also think of using a third party reverse proxy server inbetween to adjust the HTTP headers to your needs in the meantime.

Kind regards,
Felix Saure, Tech Support Team

Created on Oct 20, 2022 11:25:24 AM by Felix Saure [Paessler Support]



Votes:

0

Dear Felix,

We see that the last answer is from Oct 2022. We have the final version at the moment, and we request a scan for the PRTG and it shows the "Content Security Policy (CSP) Header Not Set".

Any chance that the update on the server can solve this without the need of a third party reverse proxy?

Best regards,

Created on Apr 25, 2023 2:48:24 PM



Votes:

0

Dear Felix,

As we see that this answer is from Oct 2020. Could you confirm if you have a ETA for final release. We get an scan on the PRTG Tools and it bring that the CSP header are not SET.

Best regards,

Created on Apr 25, 2023 9:32:09 PM



Votes:

0

Hello,

We're making good progress with the new webserver. Unfortunately there is no ETA we cannot share yet, pardon.

Kind regards,
Felix Saure, Technical Support Team

Created on Apr 27, 2023 7:30:18 AM by Felix Saure [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.