Server Security Best Practices: Adding Custom HTTP Headers in RunCloud

by Anjali Sindhu

As cyber threats evolve, hosting providers and server administrators need to take proactive steps to secure their web applications. One straightforward but effective security measure is using custom HTTP headers. These headers help protect websites from common attacks, boost browser security, and improve application performance.

For organizations managing several websites and hosting environments, custom HTTP headers are crucial for solid server security practices. RunCloud makes it easy to configure these headers on both Nginx and OpenLiteSpeed servers.

Why Custom HTTP Headers Matter

For hosting companies, using the right security headers across customer environments can lower risks while enhancing website trust and reliability. HTTP headers provide extra instructions between web servers and browsers. They can help:

  • Prevent clickjacking attacks
  • Reduce cross-site scripting (XSS) risks
  • Enforce secure HTTPS connections
  • Control browser behaviour
  • Improve caching efficiency
  • Support compliance with security standards

Adding Custom HTTP Headers in RunCloud for Nginx Servers

Step 1: Access Your Web Application

Log into your RunCloud dashboard and go to the ‘Web Applications’ section.

Select the website or application where you want to set custom headers.

Step 2: Open the Nginx Configuration

Within the application settings, find and open the ‘Nginx Config’ section.

This area allows you to create custom Nginx directives that enhance your application’s default settings.

Step 3: Create a Custom Header Configuration

Click ‘Add Config’ and give it a clear name, such as:

`custom-security-headers`

Add your desired security headers using the `add_header` directive.

Example:

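```nginx
# Refuse to render the site inside any frame (clickjacking defence)
add_header X-Frame-Options "DENY";
# Ask browsers with a built-in XSS filter to block the page on detection
add_header X-XSS-Protection "1; mode=block";
# HTTPS only for one year (31536000 seconds), subdomains included
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
```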

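In order, these headers prevent clickjacking by refusing to let the site be framed, reduce XSS risks in browsers that still honor `X-XSS-Protection`, and enforce HTTPS for the next year on the domain and its subdomains.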

Step 4: Validate the Configuration

Use the ‘Run and Debug’ option to check the configuration syntax.

Fix any errors before proceeding.

Step 5: Save and Apply Changes

Once you validate successfully, save the configuration.

RunCloud automatically reloads Nginx to apply the new settings.

Step 6: Verify Header Deployment

Verification ensures the headers are delivered correctly to visitors. After implementation, verify the headers with:

  • Browser Developer Tools (Network tab)
  • Security Header testing tools
  • Command-line tools such as cURL

Adding Custom HTTP Headers in OpenLiteSpeed

Organizations using OpenLiteSpeed can set custom headers through the LiteSpeed configuration settings.

Step 1: Select the Application

Log in to RunCloud and open the desired web application.

Step 2: Access LiteSpeed Settings

Go to the ‘LiteSpeed Settings’ section to edit server-specific settings.

Step 3: Configure Custom Headers

Create a configuration context and add your custom header directives.

Example:

```plaintext
context / {
    extraHeaders    X-Content-Type-Options nosniff
}
```

This header prevents browsers from incorrectly interpreting file types and reduces certain security risks.

You can add multiple headers using separate `extraHeaders` directives.

Step 4: Save and Reload

Save the configuration and allow OpenLiteSpeed to reload.

The new headers will take effect right away.

Step 5: Confirm the Changes

Use browser developer tools or online validation sites to verify successful deployment.

Recommended Security Headers for Hosting Providers

Hosting companies should think about using the following headers whenever suitable:

1. Strict-Transport-Security (HSTS): Forces browsers to use HTTPS connections.

2. X-Frame-Options: Protects against clickjacking attacks.

3. X-Content-Type-Options: Prevents MIME type sniffing vulnerabilities.

4. Content-Security-Policy (CSP): Limits which resources can load within a web page.

5. Referrer-Policy: Controls how referral information is shared between websites.

Best Practices for Managing HTTP Headers at Scale

For hosting providers managing hundreds or thousands of websites, consistency is key. Consider these best practices:

  • Standardize header policies across environments
  • Regularly audit security configurations
  • Monitor for configuration drift
  • Test changes before deployment
  • Review headers after major application updates
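
The cURL verification step and the drift monitoring recommended above can share one check. The script below is an added example, not RunCloud or SupportPRO code: it audits a response-header block against the values used in this page's configuration examples, and it goes beyond the page by also checking an error response. The function names, the sample responses, the CSP and Referrer-Policy values, and the example.com URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a captured response-header block against a baseline.
# Live use (placeholder URL): curl -sI https://example.com/ | audit_headers
# Print the value of header $1 (case-insensitive) from the block on stdin.
header_value() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }
    { sub(/\r$/, ""); i = index($0, ":") }
    i && tolower(substr($0, 1, i - 1)) == want {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }'
}

# Read one header block on stdin, print one line per finding; 0 = baseline met.
audit_headers() {
  block=$(cat); bad=0
  # Exact values taken from the page's Nginx and OpenLiteSpeed examples.
  for rule in "X-Frame-Options=DENY" "X-Content-Type-Options=nosniff"; do
    name=${rule%%=*}; want=${rule#*=}
    got=$(printf '%s\n' "$block" | header_value "$name")
    if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" != "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]; then
      echo "$name: expected '$want', got '${got:-<absent>}'"; bad=1
    fi
  done
  # HSTS: compare max-age numerically so a shortened lifetime is caught.
  hsts=$(printf '%s\n' "$block" | header_value Strict-Transport-Security)
  age=$(printf '%s' "$hsts" | tr 'A-Z' 'a-z' | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$age" ] || [ "$age" -lt 31536000 ]; then
    echo "Strict-Transport-Security: max-age missing or below 31536000"; bad=1
  fi
  # Presence only: the page recommends these headers but sets no value.
  for name in Content-Security-Policy Referrer-Policy; do
    [ -n "$(printf '%s\n' "$block" | header_value "$name")" ] || { echo "$name: absent"; bad=1; }
  done
  return $bad
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK='HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src '\''self'\''
Referrer-Policy: strict-origin-when-cross-origin'
# Same site, error page: add_header without "always" is skipped on a 404.
SAMPLE_404='HTTP/1.1 404 Not Found
Content-Type: text/html'
printf '%s\n' "$SAMPLE_OK"  | audit_headers && echo "200 response: baseline met"
printf '%s\n' "$SAMPLE_404" | audit_headers || echo "404 response: drift found"
```

The 404 sample reflects how Nginx treats `add_header`: unless the directive ends with the `always` parameter, the header is added only to a fixed set of success and redirect status codes, so audit an error page as well as the home page.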

Conclusion

Custom HTTP headers are a simple but powerful way to improve website security and performance. Whether you use Nginx or OpenLiteSpeed in RunCloud, configuring the right headers can help protect applications against common web threats and build user trust. For hosting companies and managed service providers, custom headers should be part of a wider server security strategy that includes monitoring, patch management, compliance reviews, and proactive infrastructure management.

Strengthen Your Hosting Infrastructure with SupportPRO

From server hardening and security audits to 24/7 infrastructure management and DevOps support, SupportPRO helps hosting companies maintain secure, high-performing environments. Contact our team today to learn how we can support your hosting operations.
