For v3, I'm honestly not quite sure the server.headers option is that useful because it's not typical you'd want to apply the same header to every response. You'll need to apply a header just to certain pages at least some of the time, so will need another way to apply headers resulting in two ways of doing things. I wonder if we should remove the option and tell users to apply the headers in their own middleware instead

I wonder why wasn't this the proposed solution. Does this work already? Maybe the issue is that Vite is setting its own headers so it will overwrite the one you add before? (and it isn't checking for the presence of prev headers)

Does this work already?

I believe so. In SvelteKit, we expose a way for users to modify headers on a per-request basis, so that they can change them according to the URL or other properties of their choosing

It seems #5580 introduced this option. The intended use-case was modifying Cache-Control header (eg. adding stale-while-revalidate, no-store). Also it was suggested to use this for COOP and COEP headers.

It seems #5580 introduced this option. The intended use-case was modifying Cache-Control header (eg. adding stale-while-revalidate, no-store). Also it was suggested to use this for COOP and COEP headers.

Do you think this is safe to merge then? The use case is COEP. The stale-while-revalidate seems fine to me, it is a header you may want to use depending on the request but I think it makes sense to be uniform here until we have a dynamic option

I think it is safe.

For v3, I am for this one.

I wonder if we should remove the option and tell users to apply the headers in their own middleware instead

Ok, let's merge this one for now. PR welcome if you think docs or a deprecation is needed for v3. My stance about server.headers is that it is nice to have it as a convenience method, especially for things like COEP. I would prefer to keep it.