In order to customise the HTTP headers on the OpenLiteSpeed webserver please navigate to your virtual machine in bunnyshell and go to the OPS tab.
On the OpenLiteSpeed line click on Edit and then find the configuration that you wish to alter. In this tutorial, I will add additional HTTP headers the configuration of my WordPress site.
I find the configuration of the site in question and, since I want to alter the headers in the main context of my website, I will add the code under the context / { line.
I include a copy of the code here since it will hopefully make it easy for anyone to just copy and paste it into their own configuration. Please note that you can alter and add only the headers you are interested in.
extraHeaders <<<END_extraHeaders
Content-Security-Policy default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com
X-XSS-Protection 1;mode=block
X-Frame-Options SAMEORIGIN
Referrer-Policy strict-origin-when-cross-origin
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options nosniff
Public-Key-Pins 'pin-sha256="pin1"; pin-sha256="pin2"; max-age=2592000'
END_extraHeaders
Now that you have altered the configuration file, it's time to deploy it. At the bottom of the page we are currently on we need to click on the Update Package button. This will take us back to the OPS menu. This action saved the changes that we have done, but they are not applied yet.
To apply them we will mark the OpenLiteSpeed package for deployment and then click on Deploy Changes.
Please wait for a couple of minutes until the new configuration is applied. Once it is, the new headers will be visible from the developer tools of your browser of choice.