Currently aurweb has a severe lack of security headers, which would give us some nice security benefits. The current headers can be viewed on [securityheaders.com](https://securityheaders.com/?q=https%3A%2F%2Faur.archlinux.org&followRedirects=on). We should be able to set everything except Permissions-Policy. An option seems to be to use [secweb](https://pypi.org/project/Secweb/)