diff --git a/composer.lock b/composer.lock
index 488bf3c..80cf7d5 100644
--- a/composer.lock
+++ b/composer.lock
@@ -849,15 +849,15 @@
         },
         {
             "name": "wpackagist-plugin/autodescription",
-            "version": "5.0.6",
+            "version": "5.1.2",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/autodescription/",
-                "reference": "tags/5.0.6"
+                "reference": "tags/5.1.2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/autodescription.5.0.6.zip"
+                "url": "https://downloads.wordpress.org/plugin/autodescription.5.1.2.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1047,15 +1047,15 @@
         },
         {
             "name": "wpackagist-plugin/redirection",
-            "version": "5.5.0",
+            "version": "5.5.1",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/redirection/",
-                "reference": "tags/5.5.0"
+                "reference": "tags/5.5.1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/redirection.5.5.0.zip"
+                "url": "https://downloads.wordpress.org/plugin/redirection.5.5.1.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1065,15 +1065,15 @@
         },
         {
             "name": "wpackagist-plugin/safe-svg",
-            "version": "2.2.6",
+            "version": "2.3.0",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/safe-svg/",
-                "reference": "tags/2.2.6"
+                "reference": "tags/2.3.0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/safe-svg.2.2.6.zip"
+                "url": "https://downloads.wordpress.org/plugin/safe-svg.2.3.0.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1083,15 +1083,15 @@
         },
         {
             "name": "wpackagist-plugin/shortpixel-image-optimiser",
-            "version": "6.0.0",
+            "version": "6.0.2",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/shortpixel-image-optimiser/",
-                "reference": "tags/6.0.0"
+                "reference": "tags/6.0.2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/shortpixel-image-optimiser.6.0.0.zip"
+                "url": "https://downloads.wordpress.org/plugin/shortpixel-image-optimiser.6.0.2.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1405,12 +1405,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/Roave/SecurityAdvisories.git",
-                "reference": "b33a18b5d222c63472a4b41f6fa3e15e591c9595"
+                "reference": "fff26f7a91a7458bf6eea5afdd71b4aba1f1d3ea"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/b33a18b5d222c63472a4b41f6fa3e15e591c9595",
-                "reference": "b33a18b5d222c63472a4b41f6fa3e15e591c9595",
+                "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/fff26f7a91a7458bf6eea5afdd71b4aba1f1d3ea",
+                "reference": "fff26f7a91a7458bf6eea5afdd71b4aba1f1d3ea",
                 "shasum": ""
             },
             "conflict": {
@@ -1991,6 +1991,7 @@
                 "socialiteproviders/steam": "<1.1",
                 "spatie/browsershot": "<3.57.4",
                 "spatie/image-optimizer": "<1.7.3",
+                "spencer14420/sp-php-email-handler": "<1",
                 "spipu/html2pdf": "<5.2.8",
                 "spoon/library": "<1.4.1",
                 "spoonity/tcpdf": "<6.2.22",
@@ -2061,7 +2062,7 @@
                 "t3s/content-consent": "<1.0.3|>=2,<2.0.2",
                 "tastyigniter/tastyigniter": "<3.3",
                 "tcg/voyager": "<=1.4",
-                "tecnickcom/tcpdf": "<=6.7.4",
+                "tecnickcom/tcpdf": "<=6.7.5",
                 "terminal42/contao-tablelookupwizard": "<3.3.5",
                 "thelia/backoffice-default-template": ">=2.1,<2.1.2",
                 "thelia/thelia": ">=2.1,<2.1.3",
@@ -2238,7 +2239,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-19T21:04:39+00:00"
+            "time": "2024-11-27T22:05:07+00:00"
         },
         {
             "name": "squizlabs/php_codesniffer",
@@ -2443,15 +2444,15 @@
         },
         {
             "name": "wpackagist-plugin/query-monitor",
-            "version": "3.16.4",
+            "version": "3.17.0",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/query-monitor/",
-                "reference": "tags/3.16.4"
+                "reference": "tags/3.17.0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/query-monitor.3.16.4.zip"
+                "url": "https://downloads.wordpress.org/plugin/query-monitor.3.17.0.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
diff --git a/web/wp-content/mu-plugins/wp-mu-plugins/lf-mu/public/class-lf-mu-public.php b/web/wp-content/mu-plugins/wp-mu-plugins/lf-mu/public/class-lf-mu-public.php
index f9e1fd6..ed51e8f 100644
--- a/web/wp-content/mu-plugins/wp-mu-plugins/lf-mu/public/class-lf-mu-public.php
+++ b/web/wp-content/mu-plugins/wp-mu-plugins/lf-mu/public/class-lf-mu-public.php
@@ -219,6 +219,12 @@ function ( $headers ) {
 
 		// remove application passwords.
 		add_filter( 'wp_is_application_passwords_available', '__return_false' );
+
+		// Add strict-origin-when-cross-origin referrer policy.
+		add_action( 'wp_head', 'wp_strict_cross_origin_referrer' );
+
+		// Add X-Frame-Options SAMEORIGIN.
+		add_action( 'send_headers', 'send_frame_options_header', 10, 0 );
 	}
 
 	/**
diff --git a/web/wp-content/themes/cncf-twenty-two/classes/class-lf-utils.php b/web/wp-content/themes/cncf-twenty-two/classes/class-lf-utils.php
index bbdcda5..fb6f88b 100644
--- a/web/wp-content/themes/cncf-twenty-two/classes/class-lf-utils.php
+++ b/web/wp-content/themes/cncf-twenty-two/classes/class-lf-utils.php
@@ -265,38 +265,57 @@ public static function display_responsive_images( $image_id, $image_size, $max_w
 			$alt_text = self::get_img_alt( $image_id );
 		}
 
-		if ( ! $image_srcset ) {
+		if ( $image_srcset ) {
+			$fetchpriority = ( 'eager' === $loading ) ? ' fetchpriority="high"' : '';
 
-			$width  = (int) $size[1] ?? '';
-			$height = (int) $size[2] ?? '';
-
-			$img           = '<img width="' . $width . '" height="' . $height . '" loading="' . $loading . '" class="' . $class_name . '"  src="' . $image_src . '" alt="' . $alt_text . '">';
-			$img_meta      = wp_get_attachment_metadata( $image_id );
-			$attachment_id = $image_id;
-			$html          = wp_image_add_srcset_and_sizes( $img, $img_meta, $attachment_id );
+			$html = '<img width="' . $size[1] . '" height="' . $size[2] . '" loading="' . $loading . '" decoding="async" class="' . $class_name . '" src="' . $image_src . '" srcset="' . $image_srcset . '" sizes="(max-width: ' . $max_width . ') 100vw, ' . $max_width . '"' . $fetchpriority . ' alt="' . $alt_text . '">';
 
 		} else {
+			$attributes = array(
+				'loading="' . $loading . '"',
+				'class="' . $class_name . '"',
+				'src="' . $image_src . '"',
+				'alt="' . $alt_text . '"',
+			);
+
+			if ( 'eager' === $loading ) {
+				$attributes[] = 'fetchpriority="high"';
+			}
 
-			$html = '<img width="' . $size[1] . '" height="' . $size[2] . '" loading="' . $loading . '" decoding="async" class="' . $class_name . '" src="' . $image_src . '" srcset="' . $image_srcset . '" sizes="(max-width: ' . $max_width . ') 100vw, ' . $max_width . '" alt="' . $alt_text . '">';
+			$width  = (int) $size[1] ?? null;
+			$height = (int) $size[2] ?? null;
 
+			if ( $width ) {
+				$attributes[] = 'width="' . $width . '"';
+			}
+
+			if ( $height ) {
+				$attributes[] = 'height="' . $height . '"';
+			}
+
+			$img           = '<img decoding="async" ' . implode( ' ', $attributes ) . '>';
+			$img_meta      = wp_get_attachment_metadata( $image_id );
+			$attachment_id = $image_id;
+			$html          = wp_image_add_srcset_and_sizes( $img, $img_meta, $attachment_id );
 		}
 
 		echo wp_kses(
 			$html,
 			array(
 				'img' => array(
-					'src'     => true,
-					'srcset'  => true,
-					'sizes'   => true,
-					'class'   => true,
-					'id'      => true,
-					'width'   => true,
-					'height'  => true,
-					'alt'     => true,
-					'align'   => true,
-					'style'   => true,
-					'media'   => true,
-					'loading' => true,
+					'src'      => true,
+					'srcset'   => true,
+					'sizes'    => true,
+					'class'    => true,
+					'id'       => true,
+					'width'    => true,
+					'height'   => true,
+					'alt'      => true,
+					'align'    => true,
+					'style'    => true,
+					'media'    => true,
+					'loading'  => true,
+					'decoding' => true,
 				),
 			)
 		);
diff --git a/web/wp-content/themes/cncf-twenty-two/components/header.php b/web/wp-content/themes/cncf-twenty-two/components/header.php
index ad6512e..a38d0e7 100644
--- a/web/wp-content/themes/cncf-twenty-two/components/header.php
+++ b/web/wp-content/themes/cncf-twenty-two/components/header.php
@@ -24,7 +24,7 @@
 		<?php if ( isset( $site_options['header_image_id'] ) && $site_options['header_image_id'] ) { ?>
 		<div class="logo">
 			<a href="/" title="<?php echo bloginfo( 'name' ); ?>">
-				<img loading="eager"
+				<img loading="eager" decoding="async" fetchpriority="high"
 					src="<?php echo esc_url( wp_get_attachment_url( $site_options['header_image_id'] ) ); ?>"
 					width="210" height="40"
 					alt="<?php echo bloginfo( 'name' ); ?>">
diff --git a/web/wp-content/themes/cncf-twenty-two/functions.php b/web/wp-content/themes/cncf-twenty-two/functions.php
index 6e3a152..286819e 100644
--- a/web/wp-content/themes/cncf-twenty-two/functions.php
+++ b/web/wp-content/themes/cncf-twenty-two/functions.php
@@ -190,19 +190,27 @@ function lf_update_styles_with_filemtime( $styles ) {
 add_action( 'wp_default_styles', 'lf_update_styles_with_filemtime' );
 
 /**
- * Removes the threshold of how many images should be excluded from lazy load.
- *
- * Introduced in WordPress 5.9
- *
- * @return int
+ * Adjusts the lazy load image threshold based on post type.
  */
-function lf_always_lazyload_images() {
-	return 0;
+function lf_lazyload_threshold_by_post_type() {
+	$thresholds = array(
+		'lf_case_study' => 1,
+		'lf_human'      => 1,
+		'lf_kubeweekly' => 0,
+		'lf_project'    => 1,
+		'lf_report'     => 1,
+		'lf_webinar'    => 0,
+		'page'          => 1,
+		'post'          => 0,
+	);
+
+	$post_type = get_post_type();
+	return isset( $thresholds[ $post_type ] ) ? $thresholds[ $post_type ] : 0;
 }
-add_filter( 'wp_omit_loading_attr_threshold', 'lf_always_lazyload_images', 10, 0 );
+add_filter( 'wp_omit_loading_attr_threshold', 'lf_lazyload_threshold_by_post_type', 10, 0 );
 
 /**
- * Disable OpenVerse from Media
+ * Disable OpenVerse from Media.
  *
  * @param array $settings Settings.
  */