
What are the recommended HTTP Response Headers?

MDaemon version 22.0 includes additional HTTP response headers for added Webmail/Remote Administrator site security. These headers can be added to prior versions of MDaemon.

By default, MDaemon versions 22.0 and above contain the following HTTP Response headers:

Content-Security-Policy: img-src * data:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';child-src 'self' data:
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1

These headers can be replicated in prior versions of MDaemon.

  1. Log in to Remote Administration as the Global Administrator.
  2. Select Main.
  3. Select Webmail/Remote Admin Settings.
  4. Select Web Server.
  5. Navigate to the HTTP Response Header section to add headers and values.
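To confirm the headers are actually being served after the change, the check below compares a captured response head against the defaults listed above. It is an added example, not MDaemon code: the function names and the sample response are constructed for illustration, and in practice the response head would come from a request such as `curl -sI` against your own Webmail or Remote Administration URL.

```python
EXPECTED = {  # default header values copied from the list in this article
    "Content-Security-Policy": "img-src * data:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';child-src 'self' data:",
    "Referrer-Policy": "same-origin",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "sameorigin",
    "X-XSS-Protection": "1",
}

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                        # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def normalize(name, value):
    """CSP is compared as a set of directives; other values case-insensitively."""
    if name.lower() == "content-security-policy":
        return frozenset(" ".join(d.split()) for d in value.split(";") if d.strip())
    return value.strip().lower()

def audit(raw):
    """Return {header: 'ok' | 'missing' | 'differs'} for each expected header."""
    got = parse_headers(raw)
    report = {}
    for name, want in EXPECTED.items():
        have = got.get(name.lower())
        if have is None:
            report[name] = "missing"
        else:
            same = normalize(name, have) == normalize(name, want)
            report[name] = "ok" if same else "differs"
    return report

# Constructed sample: CSP directives reordered, one value changed, one header absent.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "content-security-policy: base-uri 'self'; img-src * data:; worker-src 'self' blob:; manifest-src 'self'; child-src 'self' data:\r\n"
    "Referrer-Policy: same-origin\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "differs" result is not necessarily a problem (a site may deliberately set a stricter value); it only flags a departure from the defaults listed in this article.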

HTTP Strict Transport Security (HSTS) policy/headers can be added for additional security. See the article below to configure HSTS.

How to enable HTTP Strict Transport Security (HSTS) in MDaemon for Webmail and Remote Administration