Secure Profile provides a recommended baseline configuration for a secured system. This is a powerful tool, but settings here should only be considered recommendations. Do not assume your system is “secure” after checking this option. Security is a process, not a destination. The only way to arrive at optimal settings for your application is through rigorous penetration testing of your application.

Review each of the settings listed in the summary. Each will need to be tested against all applications running on that instance of ColdFusion for compatibility.

It is a best practice to enable secure profile on production systems or to manually adjust the settings as specified. We also recommend mirroring this configuration across your development and test servers to avoid issues when deploying code to production servers.

Tip: Be sure to review our ColdFusion security recommendations to help secure your server.