Webmail and IIS HTTP Response Headers

Discussion forum for Enterprise Edition.
Post Reply
CPS-BStew
Posts: 4
Joined: Fri Nov 09, 2018 12:51 am

Webmail and IIS HTTP Response Headers

Post by CPS-BStew » Thu Mar 17, 2022 7:43 pm

I'm tightening up some security-related items on our websites; that includes our IIS Webmail site. Are there any special considerations for adding the following HTTP Response Headers to our ME 10.3x Webmail site running in IIS version 10.0.14393.0 on Windows 2016?

HTTP Response Header: Value:
Cache-Control: max-age=600, must-revalidate
Content-Security-Policy: upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Thanks!

Post Reply