Home » Kerio User Forums » Kerio Connect » McAfee SECURE vulnerability (Scanning site returns a vulnerability HTTP Security Header Not Detected)

Messages: 3
Karma: 0
Send a private message to this user
I'm running version 9.2.7 (3949)

I have modified the mailserver.cfg file so that the XFrameOptions is SAMEORIGIN:

<variable name="AppendHeaderXFrameOptions">SAMEORIGIN</variable>

I am using a wildcard SSL so that the webmail page shows as opposed to an SSL mismatch error.

And I'm still getting the following VMS result:

X-XSS-Protection HTTP Header missing on port 443.
GET / HTTP/1.1
Host: mail1.domain.com
Connection: Keep-Alive

X-Content-Type-Options HTTP Header missing on port 443.
Content-Security-Policy HTTP Header missing on port 443.
Strict-Transport-Security HTTP Header missing on port 443.

Has anyone else experienced this?

Is there something to be done in the ..\MAILSERVER\WEB\CUSTOM folder?

Previous Topic: Lots of messages in queue from <>
Next Topic: Recurring events with invites
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 20 15:00:26 CET 2018

Total time taken to generate the page: 1.80092 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.