This package lets you add security headers that mitigate some types of attacks.
If you are still using version 8.x and are considering mitigating CVE-2021-22954 without editing the server configuration, you can use this add-on.
Ref: CVE-2021-22954 and mitigations below Concrete Version 9
- Cross-Origin-Resource-Policy (CORP)
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Embedder-Policy (COEP)
Headers supported by core (you don't need to use this add-on)
- Strict-Transport-Security (HSTS) (v9+)
- Content Security Policy (CSP) (v9+)
Security headers are not set when the full page is cached.
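
One way to check for the full-page-cache gap noted above is to audit the response headers of an uncached and a cached copy of the same page. This is an added example, not code from the add-on; the function names and the two sample responses are constructed for illustration.

```python
# Values each header accepts (Fetch and HTML specifications).
ALLOWED = {
    "cross-origin-resource-policy": {"same-site", "same-origin", "cross-origin"},
    "cross-origin-opener-policy": {"unsafe-none", "same-origin-allow-popups", "same-origin"},
    "cross-origin-embedder-policy": {"unsafe-none", "require-corp", "credentialless"},
}

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Map each expected header to 'ok', 'missing', 'duplicate' or 'invalid'."""
    headers = parse_headers(raw)
    result = {}
    for name, allowed in ALLOWED.items():
        values = headers.get(name, [])
        if not values:
            result[name] = "missing"
        elif len(values) > 1:
            result[name] = "duplicate"  # conflicting copies, e.g. server config plus add-on
        else:
            # Drop any parameters (such as report-to) before comparing the token.
            token = values[0].split(";", 1)[0].strip()
            result[name] = "ok" if token in allowed else "invalid"
    return result

def regressions(uncached, cached):
    """Headers that are ok on the uncached response but not on the cached one."""
    before, after = audit(uncached), audit(cached)
    return sorted(n for n in ALLOWED if before[n] == "ok" and after[n] != "ok")

# Constructed sample responses (not captured from a real site).
UNCACHED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Cross-Origin-Resource-Policy: same-origin\r\n"
            "Cross-Origin-Opener-Policy: same-origin\r\n"
            "Cross-Origin-Embedder-Policy: require-corp\r\n\r\n<html></html>")
CACHED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for header in regressions(UNCACHED, CACHED):
        print("not set on cached response:", header)
```
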