The System - Content Security Policy plugin(s) bring this much...
Do you ever get tired of managing Content-Security-Policy headers? It's tedious, and worse - editing Apache/Nginx config files can be a pain because you have to restart the server to test your configs! It would be nice if Joomla had an easy method to manage CSP settings...... Now it does!
The System - Content Security Policy plugin(s) bring this much needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. I really tried to give this plugin every feature I would want, and it's running on this site now!
With very little effort, and in very little time - you can pass the securityheaders.io test with an easy "A".