MDaemon version 22.0 includes additional HTTP response headers for added Webmail/Remote Administrator site security. These headers can be added to prior versions of MDaemon.
By default, MDaemon versions 22.0 and above send the following HTTP response headers:
Content-Security-Policy: img-src * data:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';child-src 'self' data:
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1
To replicate these headers in a prior version of MDaemon:
- Log in to Remote Administration as the Global Administrator.
- Select Main.
- Select Webmail/Remote Admin Settings.
- Select Web Server.
- Navigate to the HTTP Response Header section to add headers and values.
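After adding the headers by hand, it is worth confirming that the server returns the same set as the 22.0 defaults. The following is an added example, not MDaemon's own code: it audits a raw HTTP response head against the header list above, comparing the CSP directive by directive so that ordering and spacing differences are not flagged. The function names and the sample response are assumptions constructed for illustration.

```python
# Baseline copied from the MDaemon 22.0 default header list on this page.
BASELINE = {
    "Content-Security-Policy": "img-src * data:;base-uri 'self';worker-src 'self' blob:;"
                               "manifest-src 'self';child-src 'self' data:",
    "Referrer-Policy": "same-origin",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "sameorigin",
    "X-XSS-Protection": "1",
}
# Constructed sample: CSP reordered, Referrer-Policy changed, X-XSS-Protection absent.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "content-security-policy: base-uri 'self'; img-src * data:; worker-src 'self' blob:; "
    "manifest-src 'self'; child-src 'self' data:\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():                   # blank line ends the head
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(value):
    """Split a CSP into {directive: set of sources}; first duplicate directive wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), frozenset(tokens[1:]))
    return policy

def audit(raw):
    """Return (header, 'missing' | 'differs') for each deviation from BASELINE."""
    got, findings = parse_headers(raw), []
    for name, expected in BASELINE.items():
        actual = got.get(name.lower())
        if actual is None:
            findings.append((name, "missing"))
        elif name == "Content-Security-Policy":
            if parse_csp(actual) != parse_csp(expected):
                findings.append((name, "differs"))
        elif actual.lower() != expected.lower():
            findings.append((name, "differs"))
    return findings
```

To check a live installation, pass `audit()` the response head captured from your own Webmail or Remote Administration URL, for example the output of `curl -sI`.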
HTTP Strict Transport Security (HSTS) policy/headers can be added for additional security. See the article below to configure HSTS.
How to enable HTTP Strict Transport Security (HSTS) in MDaemon for Webmail and Remote Administration