Currently the only way to edit the http headers for a dedicated servers to make them more secure is to make the server unmanaged so that the changes don't get overwritten by Dreamhosts managed processes. May I suggest allowing the users to mange the http headers in the web console so that they do not have to turn off managed services as a feature request? Security should be a number 1 priority ... especially these days. Requiring users to unmanage Apache in order to secure the HTTP headers seems counter productive to me. I mean the whole point of having those services managed is to keep up on updates for security. So, requiring the users to make one part of the server less secure so that the other can become more secure is not a very good practice. I would suggest adding a section in the web panel for customers to edit the http headers, because by default they are not very secure.