Macareux Security Header Extended

This package is particularly useful for users of version 8.x seeking to address CVE-2021-22954 without modifying server configurations. It is compatible with versions below Concrete Version 9. It focuses on addressing a known issue where security headers are not applied when a full page is cached.

Features

• Supports the addition of crucial security headers including:
  • Cross-Origin-Resource-Policy (CORP)
  • Cross-Origin-Opener-Policy (COOP)
  • Cross-Origin-Embedder-Policy (COEP)
  • Access-Control-Allow-Origin
• Integrates with core-supported headers (no need for this add-on) such as:
  • X-Frame-Options
  • Strict-Transport-Security (HSTS) for version 9 and above
  • Content Security Policy (CSP) for version 9 and above
• Addresses a known issue where security headers are not set when the full page is cached.

For more information and access to the official repository, visit GitHub.