How to Add Additional HTTP Headers

From OpenLiteSpeed Wiki

This wiki will tell you how to add additional http headers like HSTS, HKPK ...etc

Add the Headers in Web Admin

Enter OpenLiteSpeed Web Admin, navigate to Console > Vhost > Context, and create a new context.

Set Type to Static Httpheader1.JPG

Set URI to / and Location to your website root folder (usually wwwroot or public_html)

Set Extra Headers to whatever headers you wish to add.

This example will add the HSTS (HTTP Strict Transport Security) header to your site. Httpheader2.jpg

Save, and restart OLS to take effect.

Examples of Commonly Used Headers

Content-Security-Policy default-src 'self' data: 'unsafe-eval' 'unsafe-inline'

X-XSS-Protection 1;mode=block

X-Frame-Options SAMEORIGIN

Referrer-Policy strict-origin-when-cross-origin

Strict-Transport-Security: max-age=15552000

X-Content-Type-Options nosniff

Public-Key-Pins 'pin-sha256="pin1"; pin-sha256="pin2"; max-age=2592000'