Config (conf/config.xml)

Each site may have a config.xml file in the conf directory. It is the main configuration file for settings that affect the built-in behaviour.


The configuration comprises settings in settings groups. The basic format is:

    <setting-a />
    <setting-b enable="true" />

Associated settings are grouped together in settings groups. Each setting can be enabled or disabled with the enable attribute. You can omit enable="true": Defining only the element itself reads enabled. If a setting is not explicitly defined, the system default is used (which may also be disabled as documented below).

If a setting with attributes besides enable (e.g. error-handling/request-errors) is disabled, all attributes will be disregarded. Thus their respective default values are used.

Only the first occurrence of a setting is read. Subsequent definitions of the same setting are ignored.


The following example contains all available settings:

    <exceptions default="fit://site/public/errors/exception.html" />
    <request-errors default="fit://site/public/errors/error.html" />
    <missing-icons />

    <force-client-https />
    <force-backend-https />

    <pass-cache-headers />
    <fit-cookies />
    <remove-redirect-bodies />

    <dc />
    <ajax />
    <url [ images="true" ] />
    <event />
    <orientation />

    <force-https [external-media="true"] />
    <force-absolute />
    <translate-fidj />
    <sitemaps />
    <trailing-marks />

    <image-scaling [ quality="70" ] [ scaling-cache="false" ] [ scaling-height="" ] [ scaling-width="" ] [ viewport-fitting=" max | current | landscape | portrait " ] [ pass-on-enlargement="false" ] [ add-size-attributes="true" ] />
    <detection-page [ title="FIT14 Detection Page" ] [ include-pattern=".*" ] [ exclude-pattern="" ] />
    <dom-filter />
    <text-filter />

    <image-delaying [ prioritization=" visibility | auto " ] [ visibility-offset-x="disabled" ] [ visibility-offset-y="150" ] />
    <iframe-delaying [ visibility-offset-x="disabled" ] [ visibility-offset-y="150" ] />
    <image-inlining [ force-explicit="true" ] />
    <image-compression [ preset=" quality | performance | balanced" ] [ quality="80" ] [ d="0.002" ] />
    <partial-page-loading />
    <advanced-cache-control [ low-precision-viewport="true" ] [ ignore-viewport-height="true" ] />
    <script-manager />
    <document-write-deferring />
    <script-inlining [ force-explicit="true" ] />
    <style-inlining [ force-explicit="true" ] />
    <head-reordering [ remove-duplicates="true" ] />
    <script-minifying />
    <style-minifying [ strip-prefixes="true" ] />
    <svg-minifying />
    <html-minifying [ textnode-whitespaces="false" comments="false" class-attribute-whitespaces="false" clear-attributes="false" attribute-quotes="false" optional-tags="false" ] />
    <responsive-image-filtering />
    <filter-media-queries [ desktop=" true | false " ] />
    <style-concat [ ac-styles=" true | false " ] [ external-styles=" true | false " ] [ exclude-pattern=" " ] [ combine=" true | false " ] />
    <ie-comment-resolving />
    <webfont-compression />

    <retain-html-fragments />
    <html5-parser />
    <json-parser />

Default values

If not stated otherwise, all settings below default to false. That means, you have to enable it explicitly by defining the setting in your config. Some settings control standard behaviour of the engine and are thus enabled by default. You can disable them by defining the setting in your config with enable="false".

Error Handling

The Error Handling allows you to create your own error page templates.

  • exceptions: The document referenced as FIDJ URI in the default attribute is used for fatal errors.
  • request-errors: The document referenced as FIDJ URI in the default attribute is used by default-request, request and requests actions if no proper HTTP response was received.
  • missing-icons: If enabled, missing icons (favicon.ico, favicon.png, apple-touch-icon.png and apple-touch-icon-precomposed.png) will always return a plain text error message “Icon missing” and HTTP status code 404 to reduce the payload and preserve server resources.


  • force-client-https: Ensures that the client connection is HTTPS. HTTP requests are redirected to HTTPS with the HTTP status code 301 Moved Permanently.
  • force-backend-https: Ensures that all backend connections are HTTPS. HTTP requests will be prohibited.


  • pass-cache-headers: Defaults to true. If enabled, If-Modified-Since and If-None-Match headers are passed from the client to the main source. Pragma, Cache-Control, Expires, ETag and Last-Modified headers as well as 304 not modified HTTP status codes from the source of the main request are passed to the client.
  • fit-cookies: Defaults to true. If enabled, cookies set by origin servers will be passed to the client and back. If disabled, cookies are not automatically passed between the client and sources. By default, cookies are exchanged with the client in an envelope cookie that allows FIT to recover the original domain and path information. The cookie envelope can be disabled with the transparent flag. See FIT cookies for more information.
  • remove-redirect-bodies: Defaults to true. If enabled, the response body will be discarded if a redirect is received.

JavaScript API

URL Rewriting

While most rewriting options are defined in the document itself, some global options are available:

  • url-rewriting/force-https: If enabled, URLs allowed by the ACLs will be rewritten to the configured HTTPS domain.
    • If external-media is set to true, all external media URLs with standard ports will be rewritten to HTTPS, too. This can prevent/fix mixed content warnings.
  • url-rewriting/force-absolute: If enabled, all FIT URLs will be absolute, even if they point to the same protocol and domain.
  • url-rewriting/translate-fidj: If enabled, all remaining FIDJ URIs will be stripped (private) or translated to URLs that are accessible for the client. Default: enable="true"
  • url-rewriting/sitemaps: If enabled, FIT automatically detects sitemap files and rewrites URLs in the loc elements. Default: enable="false"
  • url-rewriting/trailing-marks: If enabled, FIT places the URL Marks in the basename of an URL to allow broader use of transparent cookies. Default: enable="false"

Some servers may not support HTTPS. In this case, if url-rewriting/force-https/external-media is set to true, some resources (e.g. images) can not be loaded, so that broken images are displayed on your website.

RESS (RWD with Server Side Components)


Content Handling


The current values of the configuration settings will be logged in the config channel at the debug level each time they are used.

The state denotes whether the value is a system default value or was configured by the user:

  • default: The respective system default value is used.
  • configured: The value was configured in the config.xml or during the flow.


debug   [config]     Config "ress/text-filter'" is enabled (configured)
debug   [config]     Config "ress/dom-filter'" is disabled (default)
debug   [config]     Config "url-rewriting/force-absolute" is enabled (default)