Nextcloud serves security related headers such as
X-Content-Type-Options, and the official installation guide further says the following about serving security related headers:
"For optimal security, administrators are encouraged to serve these basic HTTP headers by the Web server to enforce them on response. To do this Apache has to be configured to use the .htaccess file and the following Apache modules need to be enabled:
The above is quoted from
I know how to enable mod_headers and mod_env under apache, and I did it before when deploying NextCloud under apache. However, I just installed nextcloud under openlitespeed, and I have no idea how to make the server serve these security headers. Thus, even though NextCloud serves security headers, when I checked my installation using https://securityheaders.com/, it says that these security headers are not setup.
I wonder anybody could let me know what to do. I am using CentOS 8.3 with DirectAdmin. The version of OpenLiteSpeed is 1.7.7.
Thank you very much for your help.