Security Alert - Need Update

www.webpagetest.org - finds out that wordpress sites hosted on cyberpanel does have security issues and gives “F” score.

Need to add these:

Strict Transport Security (HSTS)
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

X Content Type Options
The only defined value, “nosniff”, prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions

X Frame Options
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

Content Security Policy
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

X XSS Protection
A Cross-site scripting filter

Thanks

You can add them in OLS panel. very easy

This is not a security alert that needs an update.

Security headers should be set at an individual server or even a site level.

If you are using OLS then you can use this method: [Tutorial] How to add additional http header - Blog Posts - CyberPanel Community

If you are using LSWS then you can just add them to apache config files or .htaccess for individual sites.

Ok, I found the code to reset the Openlitespeed credentials
/usr/local/lsws/admin/misc/admpass.sh