Litespeed global header static context for all Virtual Hosts?

litespeedlover · July 19, 2024, 7:26pm

Question: How can I enter the rule once and apply it to all virtual hosts on cyberpanel?

First, When you enter your domain here: https://securityheaders.com/ you will most likely get errors.

I have fixed this by entering the following in openlitespeed:7080 admin

litespeed admin > Virtual Hosts > Context > add new

type = static (hit next)
URI * = /
Location = /home/$VH_NAME/public_html
Accessible * = YES
Header Operations =

X-XSS-Protection 1;mode=block
X-Frame-Options SAMEORIGIN
Referrer-Policy strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options nosniff
Public-Key-Pins ‘pin-sha256=“pin1”; pin-sha256=“pin2”; max-age=2592000’
Permissions-Policy: geolocation=(self “https://$VH_NAME”), microphone=()

litespeedlover · July 21, 2024, 7:38pm

anyone fixing their security headers ok cyberpanel???

litespeedlover · August 1, 2024, 3:49pm

hello - why has there been no reply here?
are security headers not important?

I see this domain has them set:

and this one is even better:

So how do we set this as previously described?