Thumbnail
Macareux Security Header Extended

Developed by

Intermediate
Intermediate
Version 9 Ready!

This package makes you enable to add some security headers to mitigate some types of attacks.

If you are still using version 8.x and consider mitigating CVE-2021-22954 without editing server configuration, you can use this add-on.

Ref: CVE-2021-22954 and mitigations below Concrete Version 9

Supported Headers

  • Cross-Origin-Resource-Policy (CORP)
  • Cross-Origin-Opener-Policy (COOP)
  • Cross-Origin-Embedder-Policy (COEP)
  • Access-Control-Allow-Origin

Headers supported by core (you don't need to use this add-on)

  • X-Frame-Options
  • Strict-Transport-Security (HSTS) (v9+)
  • Content Security Policy (CSP) (v9+)

Known Issue

Security Headers are not set when the full page is cached

Official Repository

https://github.com/MacareuxDigital/md_security_header_extended

Current Version: 1.1
Fully Translatable: Yes
Needs External Libraries: No
Compatible 8.5.0+
License: MIT
Support Response: Replies to tickets every few days.
Support Hosted: On marketplace.concretecms.com
Needs extra server permissions: No
Needs Internet: No
Marketplace Tests:
Passed Automated Tests
Passed PRB Review