Comment 0 for bug 1531987

We need to review our HTTP headers to improve security and check which ones we should include by default and which ones might need to be configurable. The review will include, but is not limited to:

- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Server
- X-Powered-By
- X-Permitted-Cross-Domain-Policies
- Caching headers