This package makes you enable to add some security headers to mitigate some types of attacks.
If you are still using version 8.x and consider mitigating CVE-2021-22954 without editing server configuration, you can use this add-on.
Ref: CVE-2021-22954 and mitigations below Concrete Version 9
Security Headers are not set when the full page is cached
https://github.com/MacareuxDigital/md_security_header_extended