
Article number: 300959

Cookie Policy & Security


Cookie privacy level

You can select one of three cookie privacy levels, as shown below, which control the behaviour of Sitekit CMS cookies.

  • HIGH. This disables visitor tracking and extranet session cookies. This setting provides maximum privacy, but cannot be used with an extranet, because an extranet requires a cookie for the visitor to stay logged in. Without it, an extranet user would have to log in every time an extranet page is loaded.

    When privacy is set to High, the SKSession, SKTID, SitekitLogin and skdXXXX cookies are deleted and never recreated.

  • MEDIUM. This disables visitor tracking, so you can no longer build up a picture of how visitors navigate your site, which makes it harder to improve your site design. The extranet session cookie remains enabled, however, so extranet users can navigate an extranet without being prompted to log in after every page load.

    When privacy is Medium, the SKTID cookie is not created, whilst the SKSession cookie is created only when a user logs in, and deleted when the user logs out again. The SitekitLogin cookie will persist.

  • LOW. The default setting, which enables both visitor tracking and extranet session cookie functions.

    When privacy is Low, the SKSession and SKTID cookies will be written as soon as someone visits a page. While the visitor is logged in, the cookie expiry period is based on the extranet session timeout specified in Site Settings. As soon as they log out, the expiry period becomes one year. In other words, this cookie has a one-year life, but is still subject to extranet security restrictions.
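One way to confirm from outside that the selected privacy level is in effect, as an added example (not Sitekit code): the function below takes the Set-Cookie headers of a captured response and lists the cookies that the rules above say should not be created. The sample headers are constructed, and matching skdXXXX as any name starting with "skd" is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Cookie names as listed in the article. Treating "skdXXXX" as "any name
# starting with skd" is an assumption of this example.
SESSION, TRACKING, LOGIN, SKD_PREFIX = "SKSession", "SKTID", "SitekitLogin", "skd"


def is_deletion(morsel):
    """True if this Set-Cookie removes the cookie instead of creating it."""
    if morsel["max-age"]:
        return int(morsel["max-age"]) <= 0
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) <= datetime.now(timezone.utc)
    return False


def unexpected_cookies(level, logged_in, set_cookie_headers):
    """List cookies a response creates that the given privacy level rules out."""
    created = set()
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        created |= {name for name, m in jar.items() if not is_deletion(m)}

    level = level.upper()
    if level == "HIGH":      # no tracking, session or login cookies at all
        bad = {n for n in created
               if n in (SESSION, TRACKING, LOGIN) or n.startswith(SKD_PREFIX)}
    elif level == "MEDIUM":  # no SKTID; SKSession only while logged in
        bad = {n for n in created
               if n == TRACKING or (n == SESSION and not logged_in)}
    elif level == "LOW":     # both cookies are written on first visit
        bad = set()
    else:
        raise ValueError(f"unknown privacy level: {level!r}")
    return sorted(bad)


# Constructed sample headers (not captured from a real Sitekit site).
ANON_VISIT = ["SKSession=abc123; Path=/; HttpOnly",
              "SKTID=f00d; Path=/; Max-Age=31536000"]
CLEANUP = ["SKTID=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
           "SKSession=deleted; Max-Age=0; Path=/"]

if __name__ == "__main__":
    for lvl in ("HIGH", "MEDIUM", "LOW"):
        print(lvl, unexpected_cookies(lvl, False, ANON_VISIT))
```

Headers that only expire a cookie (Max-Age=0 or an Expires date in the past) are treated as deletions, so the cleanup a site performs after switching to High is not reported as a violation.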

Admin login endpoint

(11.2) Allows you to change the endpoint for the admin login screen. You can enter a full URL or a relative URL, depending on whether you want to restrict admin to a specific domain on your site or allow login via any domain associated with your site. Example inputs:

  • /sk-admin
  • https://www.mydomain.com/login
  • http://mydomain.sitekit.net/access

X-Frame-Options

(11.2) Allows you to control the X-Frame-Options HTTP header for your site to prevent clickjacking attacks. There are three possible directives:

  1. deny (your site cannot be loaded in a frame)
  2. sameorigin (only your own site can load its own content in a frame)
  3. allow-from https://example.com/ (only the specified domain can load content from your site in a frame)

 
