Macareux Security Header Extended

  • thumbnail.png
  • md_security_header_extended_screenshot_1_1648183995.png
  • md_security_header_extended_screenshot_0_1648183995.png

Add security headers to mitigat specific types of cyber attacks

This package is particularly useful for users of version 8.x seeking to address CVE-2021-22954 without modifying server configurations. It is compatible with versions below Concrete Version 9. It focuses on addressing a known issue where security headers are not applied when a full page is cached.

Features

  • Supports the addition of crucial security headers including:
    • Cross-Origin-Resource-Policy (CORP)
    • Cross-Origin-Opener-Policy (COOP)
    • Cross-Origin-Embedder-Policy (COEP)
    • Access-Control-Allow-Origin
  • Integrates with core-supported headers (no need for this add-on) such as:
    • X-Frame-Options
    • Strict-Transport-Security (HSTS) for version 9 and above
    • Content Security Policy (CSP) for version 9 and above
  • Addresses a known issue where security headers are not set when the full page is cached.

For more information and access to the official repository, visit GitHub.