How to serve Nextcloud's basic HTTP headers by the Web server (OpenLiteSpeed)

Hi,

Nextcloud serves security related headers such as X-Content-Type-Options, and the official installation guide further says the following about serving security related headers:
"For optimal security, administrators are encouraged to serve these basic HTTP headers by the Web server to enforce them on response. To do this Apache has to be configured to use the .htaccess file and the following Apache modules need to be enabled:
mod_headers
mod_env
"
The above is quoted from

I know how to enable mod_headers and mod_env under apache, and I did it before when deploying NextCloud under apache. However, I just installed nextcloud under openlitespeed, and I have no idea how to make the server serve these security headers. Thus, even though NextCloud serves security headers, when I checked my installation using https://securityheaders.com/, it says that these security headers are not setup.

I wonder anybody could let me know what to do. I am using CentOS 8.3 with DirectAdmin. The version of OpenLiteSpeed is 1.7.7.

Thank you very much for your help.

I think I have some idea: it seems that by enabling mod_headers and mod_env, .htaccess will make apache set these headers. It simply repeats the same settings that Nextcloud would set.

Am I right? If I am right, I guess I just have to manually add these headers to OpenLiteSpeed. It seems to be working, but is there any way to actually make OpenLiteSpeed make use of this .htaccess file in nextcloud installation folder so that I need not add these headers manually?

Another question is: What about the Content-Security-Policy header? It is not in .htaccess, and https://securityheaders.com/ says there is no Content-Security-Policy header, but I could see it when using chrome to find it.