Header set X-Content-Type-Options nosniff Header set X-Frame-Options SAMEORIGIN Header set X-XSS-Protection "1; mode=block"