HTTP Strict Transport Security (HSTS) is available for MDaemon's Webmail and Remote Administration web servers. This feature will inform browsers to never connect to Webmail or Remote administration over HTTP.
Follow the steps below to enable HTTP Strict Transport Security (HSTS).- Login to Remote Administration as the Global Administrator.
- Select Main
- Select Webmail Settings
- Select Web Server
- Enter Strict-Transport-Security for the Header Name in the HTTP Response Headers section.
- Enter the 'max-age' value and options in the Header Value section.
- The max-age value is the number of seconds that the browser should remember the site should only access the site via HTTPS.
- max-age=31536000 is a standard value. 31536000 seconds equals 12 months.
- (optional) Add includeSubDomains to apply to the site's subdomains.
- Example: max-age=31536000; includeSubDomains
- Select Add
- Enter UseHTTPStrictTransportSecurity for the Header Name in the HTTP Response Headers section.
- Enter Yes for the header value.
- Select Add
These steps can be replicated for Remote Administration.
- Select Main
- Select Remote Admin Settings
- Select Web Server
- Add the same headers and values for the Webmail settings under HTTP Response Headers.