This is a reference guide for describing all available Hidden Site Settings.
Required user level: Administrator
Hidden site settings in Discourse are advanced configuration options that are not available through the standard admin interface. They provide additional flexibility to customize the functionality of your Discourse instance.
For additional information about modifying hidden site settings, see: Enable Hidden Site Settings.
Below is a reference table of all available hidden site settings available in Discourse
Basic
Settings that help you adjust fundamental aspects of your Discourse instance:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| set_locale_from_cookie | boolean | Allows setting the locale based on cookies if user locale is enabled. | FALSE | 
| max_category_nesting | integer | Sets the maximum number of category nesting levels allowed. | 2 | 
| enable_mobile_theme | boolean | Enables a mobile-specific theme. Disable to use a responsive stylesheet across all devices. | TRUE | 
| enable_direct_s3_uploads | boolean | Allows for direct uploads to S3 without passing through the local server, reducing server load and potentially improving upload performance. | FALSE | 
| enable_upload_debug_mode | boolean | Enables verbose logging for uploads, useful for debugging upload issues. | FALSE | 
| default_theme_id | integer | The default theme ID used for new users and anonymous users. | -1 | 
| enable_badge_sql | boolean | Allows the use of SQL to define badge queries directly within the admin interface. | FALSE | 
| vapid_public_key_bytes | string | Stores the public key used in VAPID authentication, necessary for sending Web Push Notifications. | “” | 
| vapid_public_key | string | Public key used for VAPID authentication for Web Push Notifications. | “” | 
| vapid_private_key | string | Private key used for VAPID authentication for Web Push Notifications. | “” | 
| vapid_base_url | string | The base URL configured for VAPID to assert the server identity in Web Push Notifications. | “” | 
| enable_passkeys | boolean | Enables the use of WebAuthn-based passkeys for secure user authentication without passwords. | TRUE | 
| verbose_upload_logging | boolean | Enables detailed logs for upload process activities, which is helpful for identifying and diagnosing issues with file uploads. | FALSE | 
| verbose_auth_token_logging | boolean | Enables detailed logging for authentication token processes. | FALSE | 
| max_suspicious_distance_km | integer | Defines the maximum distance in kilometers between successive IP addresses for login to be considered suspicious. | 500 | 
| discourse_connect_csrf_protection | boolean | Enables CSRF protection for DiscourseConnect authentication. | TRUE | 
| invites_per_page | integer | Number of invites displayed per page on the invite page. | 50 | 
| max_notifications_per_user | integer | Maximum number of notifications a user can have before older ones are automatically deleted. | 10000 | 
| max_bookmarks_per_user | integer | Maximum number of bookmarks a user can create. | 500 | 
Posting
Customize how posting functions within your Discourse instance:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| show_copy_button_on_codeblocks | boolean | Add a button to codeblocks to copy the block contents to the user’s clipboard | TRUE | 
| disable_watched_word_checking_in_user_fields | boolean | Disables watched word checking in user fields | FALSE | 
| max_draft_length | integer | Sets the maximum length allowed for drafts | 400000 | 
| max_drafts_per_user | integer | Maximum number of drafts a user can have | 10000 | 
| group_pm_user_limit | integer | Maximum number of users that can be included in a group PM | 1000 | 
Manage how emails are sent and received from your Discourse platform:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| bounce_score_erode_on_send | float | Reduces the bounce score each time an email is sent, allowing for quicker recovery from bounces. | 0.1 | 
| email_custom_template | string | Custom HTML template for emails. Used if default needs to be overridden. | “” (empty) | 
| email_custom_css | string | Custom CSS for styling emails. Used if default needs to be overridden. | “” (empty) | 
| email_custom_css_compiled | string | Compiled version of the custom CSS for emails. | “” (empty) | 
| enable_secondary_emails | boolean | Allows users to add secondary email addresses to their profile. | TRUE | 
| max_participant_names | integer | Maximum number of participant names displayed in email notifications for group messages. | 10 | 
Files
Define how files and uploads are managed:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| max_export_file_size_kb | integer | Specifies the maximum file size for exports in kilobytes. | 50000 | 
| export_authorized_extensions | string | Specifies the file extensions that are allowed for exports. | “zip” | 
| secure_uploads_pm_only | boolean | If true, secure uploads are enabled only for private messages. | FALSE | 
| enable_s3_transfer_acceleration | boolean | If true, enables Amazon S3 Transfer Acceleration. | FALSE | 
| s3_http_continue_timeout | integer | Time in seconds to wait for a 100 Continue response from S3 before sending the request payload. | 1 | 
| s3_install_cors_rule | boolean | If true, installs CORS rules on S3 to allow requests from any domain. | TRUE | 
| s3_configure_inventory_policy | boolean | If true, configures the S3 inventory policy for managing and reporting bucket contents. | TRUE | 
| s3_presigned_get_url_expires_after_seconds | integer | Duration in seconds after which a presigned URL for S3 objects will expire. | 300 | 
| decompressed_theme_max_file_size_mb | integer | Maximum file size in megabytes for a theme file after it is decompressed. | 1000 | 
| decompressed_backup_max_file_size_mb | integer | Maximum file size in megabytes for backup files after decompression. | 100000 | 
| composer_media_optimization_image_resize_pre_multiply | boolean | Optimize image handling by pre-multiplying alpha in canvas manipulations to improve image resize quality. | FALSE | 
| composer_media_optimization_image_encode_quality | integer | JPG encode quality used in the re-encode process for image optimization. | 75 | 
| composer_media_optimization_image_resize_linear_rgb | boolean | When resizing, use linear RGB to improve the quality of the resized image. | FALSE | 
| composer_ios_media_optimisation_image_enabled | boolean | Enable specific image optimization strategies on iOS devices to improve performance. | FALSE | 
| video_thumbnails_enabled | boolean | Enables generation of thumbnails for video files uploaded to the forum. | TRUE | 
Security
Adjust security features to match your forum’s needs:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| allow_indexing_non_canonical_urls | boolean | Allows indexing of non-canonical URLs. | TRUE | 
| non_crawler_user_agents | list | List of user agents considered as non-crawlers. | “trident | 
| crawler_user_agents | list | List of user agents considered as crawlers. | “googlebot | 
| browser_update_user_agents | list | User agents for outdated browsers to show update messages. | “MSIE 6 | 
| crawler_check_bypass_agents | string | User agents that can bypass crawler checks. | “cubot” | 
| keep_old_ip_address_count | integer | Number of old IP addresses to keep for each user. | 0 | 
| content_security_policy_collect_reports | boolean | Enables collection of CSP violation reports. | FALSE | 
| allow_embedding_site_in_an_iframe | boolean | Allows the site to be embedded within an iframe on other sites. | FALSE | 
| send_old_credential_reminder_days | integer | Number of days to remind about old credentials. If set to 0, reminders are disabled. | 0 | 
| disable_onebox_media_download_controls | boolean | Disable media download controls in onebox audio/video embeds. | FALSE | 
| can_permanently_delete | boolean | Allows permanent deletion of posts, topics, and post history (ie. complete removal from the database, rather than the typical soft-delete mechanism). | FALSE | 
| suppress_secured_categories_from_admin | boolean | Allows suppressing secured categories even from admins when displaying posts or categories lists. | FALSE | 
| cross_origin_opener_policy_header | string | Sets the Cross-Origin-Opener-Policy header. Available choices: unsafe-none, same-origin, same-origin-allow-popups. | “same-origin-allow-popups” | 
Onebox
Control how oneboxes are handled:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| force_get_hosts | list | Domains where GET request is forced due to issues with HEAD requests | us.battle.netnews.yahoo.com*.medium.com | 
| cache_onebox_response_body | boolean | Indicates whether to cache the response body of a oneboxed URL | FALSE | 
| cache_onebox_response_body_domains | list | List of domains for which the caching of the onebox response body is enabled | “” | 
| cache_onebox_user_agent | string | Custom user-agent used when caching onebox responses, if specified | “” | 
| onebox_user_agent | string | Defines the user agent string used by the Onebox system when making HTTP requests. If the setting is empty, it falls back to a default user agent defined in Onebox.options.user_agent | “” | 
Rate Limits
Manage resources and security through rate limits:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| rate_limit_search_anon_global_per_minute | integer | Global rate limit for anonymous search requests per minute | 150 | 
| rate_limit_search_anon_user_per_minute | integer | Per-user rate limit for anonymous search requests per minute | 15 | 
| rate_limit_search_anon_global_per_second | integer | Global rate limit for anonymous search requests per second | 8 | 
| rate_limit_search_anon_user_per_second | integer | Per-user rate limit for anonymous search requests per second | 2 | 
| rate_limit_search_user | integer | Per-user rate limit for search requests by logged-in users per minute | 30 | 
| max_allowed_secondary_emails | integer | Maximum number of secondary emails a user is allowed to have | 10 | 
| max_batch_presign_multipart_per_minute | integer | Maximum number of batch presign multipart operations a user can initiate per minute | 20 | 
| max_presigned_put_per_minute | integer | Maximum number of presigned PUT operations a user can initiate per minute | 10 | 
| max_create_multipart_per_minute | integer | Maximum number of multipart creations a user can initiate per minute | 10 | 
| max_complete_multipart_per_minute | integer | Maximum number of multipart completions a user can initiate per minute | 10 | 
| max_uploads_per_minute | integer | Maximum number of upload operations a user can initiate per minute | 10 | 
Developer
Tailor the development environment:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| force_hostname | string | Forces a specific hostname for the site. | “” | 
| port | integer | Configures the port number the server listens on. | 80/443 | 
| enable_chunked_encoding | boolean | Enable chunked encoding responses by the server, potentially helping with proxies that buffer responses. | TRUE | 
| long_polling_base_url | string | Base URL to use for long polling, useful for separating CDN traffic from direct site interaction. | “/” | 
| background_polling_interval | integer | Frequency in milliseconds for background polling by clients. | 60000 | 
| polling_interval | integer | Frequency in milliseconds for active polling by logged-in clients. | 60000 | 
| anon_polling_interval | integer | Frequency in milliseconds for anonymous clients to poll the server. | 25000 | 
| rebake_old_posts_count | integer | Number of posts that get rebaked by automated tasks running in the background. | 80 | 
| migrate_to_new_scheme | boolean | Toggles whether to migrate old uploads to a new storage scheme, mainly used during updates. | FALSE | 
| max_new_topics | integer | Maximum number of new topics a user can create, used to prevent spam or system overload. | 500 | 
| wizard_enabled | boolean | Enables or disables the setup wizard shown after installation. | TRUE | 
| bypass_wizard_check | boolean | Allows bypassing the setup wizard completion check, useful for developers or automated setups. | FALSE | 
| logging_provider | enum | Determines the logging framework for the application. Can be ‘default’ or an alternative supported framework. | “default” | 
| bootstrap_error_pages | boolean | Enable or disable bootstrapped, styled error pages. Useful for maintaining style consistency on error pages. | FALSE | 
| experimental_hashtag_search_result_limit | integer | Limits the number of hashtag search results, used for optimizing or controlling the load of hashtag search queries. | 20 | 
| include_associated_account_ids | boolean | Include IDs of associated accounts in certain outputs—useful for more connected account data handling. | FALSE | 
| max_sidebar_section_links | integer | Maximum number of links per sidebar section, controlling UI clutter and performance. | 50 | 
| instrument_gc_stat_per_request | boolean | Whether to collect and log garbage collection stats per each HTTP request—useful for performance tuning. | FALSE | 
| warn_critical_js_deprecations | boolean | Enable warnings for critical JavaScript deprecations to admins—helps in preparing for upgrades or fixes. | TRUE | 
| warn_critical_js_deprecations_message | string | Custom message appended to critical JS deprecation warnings, making the notifications more informative. | “” | 
Embedding
Allow or restrict content embedding:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| embed_by_username | string | Username to use for embedded content. | “” | 
| embed_post_limit | integer | Maximum number of posts to embed from an external source. | 100 | 
| embed_topic_limit_per_page | integer | Maximum number of topics displayed per page for embedded topics. | 200 | 
| embed_title_scrubber | string | Regular expression used to clean up or modify titles in embedded content. | “” | 
| blocked_embed_selectors | string | CSS selectors that specify elements to exclude from embedded content. | “” | 
| allowed_embed_classnames | string | Class names allowed in embedded content, helps in filtering the content style. | “emoji” | 
Backups
Customize backup configurations:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| include_s3_uploads_in_backups | boolean | Determines whether uploads stored in S3 should be included in site backups. | FALSE | 
Search
Optimize the search functionality within your Discourse site:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| user_search_similar_results | boolean | Enables the display of similar results when searching for users. | TRUE | 
| prioritize_exact_search_title_match | boolean | Gives priority to search results that exactly match the search terms in titles. | FALSE | 
| max_duplicate_search_index_terms | integer | Sets the maximum number of duplicate terms indexed for search. | 3 | 
| use_pg_headlines_for_excerpt | boolean | Enable Postgres headline support for generating search excerpts. | FALSE | 
| search_max_indexed_word_length | integer | Maximum length of words indexed for search. | 50 | 
| search_ranking_normalization | boolean | Enables normalization of search rankings to improve result relevance. | TRUE | 
| search_ranking_weights | string | Sets the weighting factors used in search ranking calculations. | “topic_id: 1, post_id: 0.2” | 
| search_recent_regular_posts_offset_post_id | integer | Post ID offset for retrieving recent posts in search results. | 0 | 
| search_enable_recent_regular_posts_offset_size | integer | Determines the number of recent regular posts to consider in search. | 0 | 
| category_search_priority_low_weight | integer | Sets the lower weighting for prioritizing categories in search results. | 1 | 
| category_search_priority_high_weight | integer | Sets the higher weighting for prioritizing categories in search results. | 2 | 
| search_page_size | integer | Number of results per page in search queries. | 50 | 
Uncategorized
Various settings that don’t fit under other categories:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| has_login_hint | boolean | Determines if login hints should appear | FALSE | 
| min_new_topics_time | integer | Minimum time between new topics | 0 | 
| general_category_id | integer | ID for the general category | -1 | 
| meta_category_id | integer | ID for the meta category | -1 | 
| staff_category_id | integer | ID for the staff category | -1 | 
| uncategorized_category_id | integer | ID for the uncategorized category | -1 | 
| backup_drafts_to_pm_length | integer | Length of drafts in PMs before backup is needed | 0 | 
| view_user_route | string | Default user profile page section | “summary” | 
| tos_topic_id | integer | ID for the Terms of Service topic | -1 | 
| guidelines_topic_id | integer | ID for the guidelines topic | -1 | 
| privacy_topic_id | integer | ID for the privacy policy topic | -1 | 
| welcome_topic_id | integer | ID for the welcome topic | -1 | 
| admin_quick_start_topic_id | integer | ID for the admin quick start guide topic | -1 | 
| bootstrap_mode_enabled | boolean | Determines if bootstrap mode is enabled. When enabled, this mode is designed to help the forum scale up efficiently during the initial stages after setup. Once the number of users specified in the bootstrap_mode_min_userssetting has been registered on the forum, the bootstrap mode is automatically turned off. | FALSE | 
| ios_app_id | string | App Store ID for the iOS app | “1173672076” | 
| android_app_id | string | Play Store ID for the Android app | “com.discourse” | 
| pwa_display_browser_regex | string | Regex to determine if PWA display is set to ‘browser’ | “.*” | 
| always_include_topic_excerpts | boolean | Include topic excerpts every time | FALSE | 
| max_bulk_invites | integer | Maximum number of bulk invites possible | 50,000 | 
| skip_email_bulk_invites | boolean | Skip sending emails in bulk invites | FALSE | 
| max_api_invites | integer | Maximum number of invites per API request | 10 | 
| overridden_robots_txt | string | Custom rules for robots.txt | “” | 
| show_category_definitions_in_topic_lists | boolean | Show category definition posts in topic lists | FALSE | 
| use_polymorphic_bookmarks | boolean | Enable polymorphic bookmarks support | FALSE | 
| max_automatic_membership_email_domains | integer | Maximum number of automatic membership email domains possible | 50 | 
API
Manage how the API operates within your Discourse instance:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| api_key_last_used_epoch | integer | Tracks the last used epoch time for API keys. Not directly accessible or editable. | # Value is added in a migration | 
| revoke_api_keys_maxlife_days | integer | Number of days before an API key is automatically revoked, set to 0 for never. | 0 | 
Dashboard
Adjust which reports are displayed in the admin dashboard and how hot topics are defined:
| Site Setting | Type | Description | Default Value | 
|---|---|---|---|
| dashboard_hidden_reports | list | Specifies which dashboard reports to hide. | “” | 
| verbose_user_stat_count_logging | boolean | Enables verbose logging for user statistics count updates. | FALSE | 
| hot_topics_gravity | float | Controls the gravity setting used in the hot topics calculation. | 1.2 | 
| hot_topics_recent_days | integer | Defines the number of recent days to consider for calculating hot topic scores. | 7 | 
Last edited by @MarkDoerr 2025-09-23T01:53:35Z
Last checked by @MarkDoerr 2025-09-23T01:53:48Z
Check document
Perform check on document: