Reference - Configuration keys

CMSForbiddenURLValues

Specifies characters that are forbidden in page URLs (see content tree-based routing). Forbidden characters are automatically replaced by the character specified in the Forbidden characters replacement setting in Settings → URLs and SEO.

By default, the following characters are forbidden:

\/:*?"<>|&%.’#[]+=„“ and the space character.

If you add this key, its value overrides the default forbidden character set. You can either allow some of the forbidden characters or add new ones.

We recommend keeping the default characters forbidden, since they may prevent URLs from working correctly.

"CMSForbiddenURLValues": "$\\/:?"<>|&%.'#[] ="

CMSHashStringSalt

Sets the salt value the system uses in hash functions, for example when creating macro signatures. If a specific hash salt value is not assigned during the installation of a new Xperience project, the key is set to a random GUID.

If you plan to deploy your project to the SaaS environment, use the hash salt value provided in Xperience Portal.

Note: Changing the hash salt on an instance with defined content may prevent macros from resolving correctly. If you encounter such problems, you must re-sign macros (the system then creates the hashes using the new salt).

"CMSHashStringSalt": "eb2d6fac-8b9e-427c-b98b-3c562dffbb35",

Random GUID

CMSImageExtensions

Specifies the file extensions that the system recognizes as image files. For example, files of these types are offered in the Insert image dialog of the rich text editor.

Note: If this key is not configured, the system attempts to automatically detect and support any media image file type. Adding the key disables the automatic detection, and only the explicitly listed file types are supported as images.

"CMSImageExtensions": "bmp;gif;ico;png;wmf;jpg;jpeg;tiff;tif;webp;svg;avif"

bmp;gif;ico;png;
wmf;jpg;jpeg;tiff;
tif;webp;svg;avif;
jfif;jfi;jif;jpe;dib

CMSLogKeepPercent

The size of the system’s event log is limited by the Settings → System → Event log size setting. This key determines the extra percentage of events that is retained in the log over the specified limit. This percentage of the oldest events is deleted by batch when the percentage is exceeded.

For example, if the event log size is 1000 and the CMSLogKeepPercent is 20, the event log can contain up to 1200 events, and the 200 oldest events are deleted when the log size reaches 1201.

If the key is set to 0, the event log retains the exact number of records specified by the limit.

"CMSLogKeepPercent": 20,

10

CMSBuilderScriptsIncludeJQuery

Determines whether the system links the jQuery 3.5.1 library to live site pages containing Page Builder content or forms.

Set to true if you want to include jQuery on pages with Page Builder and Form Builder content. See Bundle static assets of builder components.

{
    "CMSBuilderScriptsIncludeJQuery": true
} 

false

CMSCIEncoding

Sets the character encoding used when the CI/CD features generate non-binary files in the repository folder. The key supports values matching the encoding names listed in the Encoding Class article.

Changing the value of the CMSCIEncoding key does not update the encoding type of existing files in the repository folder. To fully update the encoding of the repository content, you need to:

• Run complete serialization for all objects.
• Manually update the encoding type of your repository configuration file.

"CMSCIEncoding": "utf-16",

utf-8

CMSCIRepositoryPath

Sets the location of the Continuous Integration file repository root folder. The key’s value must be an absolute or relative path of a folder on a local drive, or a network location for which the application has sufficient permissions.

The specified location is used when serializing object data to the file system and when restoring data back to the database. The key also allows you to set a shared Continuous Integration repository when developing multiple projects with the same database.

"CMSCIRepositoryPath": "C:\\ExternalSourceControl\\CIRepository",

App_Data\CIRepository

CMSProcessContactActionsInterval

Sets the interval (in seconds) in which contact data and activities are batch processed by the system. Consider raising the interval if your system processes a large number of activities.

The interval affects the following:

• How often the application saves logged activities and contact detail updates from the memory into the database.
• How often the system recalculates data that could be affected by activities and contact updates, such as contact groups.

"CMSProcessContactActionsInterval": 30,

10

CMSCreateContactActionsLogWorker

If enabled, all web farm servers recalculate contact groups.

If you wish to improve performance, you can set this key to false for one or more of your web farm servers, and the recalculation will be disabled for them.

Note: If you set the key value to false for all of your web farm servers, the recalculation will be disabled completely.

"CMSCreateContactActionsLogWorker": false,

true

Enable

Specifies whether headless channel endpoints are enabled (both GraphQL API and Tracking API endpoints).

true

EnableTracking

Specifies whether Tracking API endpoints are enabled. Allows you to disable the tracking API while keeping the GraphQL API enabled. The default value is true.

true

EnableComplexity

Specifies whether complexity analysis is enabled.

true

AllowIntrospection

Specifies whether GraphQL introspection is enabled (__schema queries and GUI tools for exploring the schema).

false

GraphQlEndpointPath

Specifies the slug used in headless channel GraphQL endpoint URLs. Must include the leading slash (‘/’).

/graphql

CorsAllowedOrigins

Specifies domains that are allowed origins for CORS (Cross-Origin Resource Sharing). See Retrieve headless content to learn more.

Note: We recommend configuring allowed origins for CORS in the Settings application within the Xperience administration, via the Content → Headless → Allowed origins setting. The setting overrides any values set in your application’s configuration file or startup options.

""

CorsAllowedHeaders

Indicates which HTTP headers are allowed for content retrieval requests. If not set, all headers are allowed by default. See Retrieve headless content to learn more.

All headers

Caching

Contains options which allow you to customize caching behavior for headless content. The default values provide optimal caching performance for most projects.

• Enable – a boolean value that specifies whether caching is enabled. The default value is true.
• UseRequestCacheControlHeaders – a boolean property that specifies whether caching respects the Cache-Control header of individual requests. The default value is true.
• AddResponseCacheControlHeaders – a boolean property that specifies whether caching sets the Cache-Control response header. The default value is true.
• UseCacheDependencies – a boolean property that specifies whether caching uses cache dependencies to flush the cache when data in a cached response changes. The default value is true.
• AbsoluteExpiration – specifies the maximum expiration time for a cache entry in minutes. The default value is 12 hours.
• SlidingExpiration – specifies a sliding expiration date for cache entries in minutes. Cannot exceed the value of AbsoluteExpiration. The default value is 1 hour.
• SizeLimit – maximum size for in-memory cache in bytes. The default value is 100 megabytes.

See Description

AdminRedirectOptions

Used when configuring a dedicated administration domain.

CMSAdminClientModuleSettings

Configures the client module in the Xperience web application. See section Add the boilerplate to an Xperience project.

CMSDeleteTemporaryUploadFilesOlderThan

Sets the interval (in hours) at which the system deletes the contents of the temporary folder that stores files uploaded through the Upload file component in Form Builder. See section Protect against Denial of Service for more information.

2

CMSPhysicalFilesCacheMinutes

Sets client cache expiration time (in minutes) for physical files served by Xperience through the GetResource handler. See File caching for more information.

10 080
(1 week)

CMSStorageProviderAssembly

Configures the assembly name of a custom file system provider.

CMSAzureAccountName, CMSAzureSharedKey

Specifies the account name and the primary access key for Azure Blob storage. Used in the process of mapping parts of the file system to Azure Blob storage when deploying to private cloud.

CMSAzureTempPath, CMSAzureCachePath, CMSAzureBlobEndPoint, CMSAzurePublicContainer, CMSDownloadBlobTimeout

Keys used for optional application settings for Azure storage. Applicable only for private cloud deployments.

WebsiteChannelDomains

Configures domain overrides for website channels when using private cloud.

EmailChannelDomains

Configures domain overrides for email channels when using private cloud.

HeadlessChannelUrls

Configures URL overrides for headless channels.

SystemSmtpOptions

Used to configure SMTP server for system emails and notifications that do not belong under a specific email channel. Contains the Server option with nested options Host, Port, Username, Password and optional encoding options. See SMTP servers for details and for information about configuration of specific email channels.

SmtpOptions

Used for setting the fallback SMTP configuration for system emails, notifications and and all email channels without their own dedicated configuration. Contains the Server option with nested options Host, Port, Username, Password and optional encoding options. See SMTP servers for details and for information about configuration of specific email channels.

SystemSendGridClientOptions

Used for configuration of system emails and notification that don’t belong to a specific channel when using SendGrid integration for private cloud environments. You can configure SendGrid for other email channels in a similar way.

SystemEmailOptions

Configures the global sending domain for system emails, i.e. sending domain for all notications and other system emails that are not created under a specific email channel.

The specified domain is used when sending system emails and notifications if only the local part of the sender address is set (e.g., via the Notifications application).

BouncedEmailsGlobalOptions

Contains the SoftBounceLimit option that limits the number of soft bounces allowed before an email address is excluded when sending emails to any recipient list. Used when setting up email tracking. Applicable only if you send emails using SMPT server. See section SMTP server for information about configuration of BouncedEmailsOptions for every email channel.