OLS additional headers

dalarso

Hello, I just successfully migrated from the horrors of CyberPanel. I am really liking Enhance so far.

I do however want to confirm that OpenLiteSpeed does not support additional headers yet? I logged into the OLS admin panel and attempted to add a context for security headers but it won't save. Thanks

Zoinkies

Enhance doesn’t support persistent OLS settings at all. Any changes made in OLS will be removed.

ronald

If you are referring to HTTP headers I suggest you add them by PHP instead as it's not viable to add them in the OLS vhost files running on Enhance.

dalarso

ronald Thank you, forgive me if this is a stupid question but I am not familiar with adding them to PHP. Do I add them in the php.ini editor or elsewhere?

webnestify

dalarso You can find PHP headers in my guide at https://wnstify.cc/secguide

ronald

Here is a code example from one of my sites. The code can be added in functions.php or by using any plugin allowing you to add custom code snippets.

// Add HTTP security headers to website add_action('send_headers', function() { header( 'X-Frame-Options: SAMEORIGIN' ); header( 'X-XSS-Protection: 1; mode=block' ); header( 'X-Content-Type-Options: nosniff' ); header( 'X-Permitted-Cross-Domain-Policies: none' ); header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' ); header( 'Content-Security-Policy: upgrade-insecure-requests' ); header( 'Referrer-Policy: no-referrer-when-downgrade' ); header( 'Permissions-Policy: camera=(), microphone=()' ); // This part removes the X-Powered-By header, PHP might not always allow this header to be removed. header_remove('X-Powered-By'); });

Andreas

I would take preload out. If you have SSL issues, your site will not load up.