- Event listener triggered on each response through
onKernelResponse()
method - Adds custom headers to the response
- Support for "static" headers specified in
config/response_header_setter/response_headers.yaml
- Currently includes security / privacy related headers:
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Referrer-Policy
- Currently includes security / privacy related headers:
- Strict-Transport-Security (remember to register the domain on https://hstspreload.org/ or preload will not work)