A few days ago I read some interesting articles on HTTP security. It really seems that I should look more into those HTTP security headers.
The article "4 HTTP Security headers you should always be using" explains that, because HTTP is an extensible protocol, browsers have pioneered some useful headers that prevent the exploitation of vulnerabilities or make it more difficult. Knowing what they are and when to apply them can help you increase the security of your system.
The article "Security through HTTP response headers" says that there are many things to consider when securing a web application, but a definite “quick win” is to start taking advantage of the security HTTP response headers that are supported in most modern browsers.
The articles "Introduction to HTTP Response Headers for Security" and "Seven Web Server HTTP Headers that Improve Web Application Security for Free" explain each of the security headers you should check out.
After you have checked out those, also consider whether HTTP Strict Transport Security is applicable to you. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections.
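How a complying user agent treats the `Strict-Transport-Security` response header that carries this declaration, as an added example that is not taken from the linked articles. It follows the processing rules of RFC 6797; the function names `parse_hsts` and `ua_action` and the sample header values are constructed for illustration.

```python
import re

# HTTP "token" characters, which is what a directive name may consist of.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Return {"max_age", "include_subdomains"}, or None if a UA would discard the header."""
    directives = {}
    # Simplified split: real values never carry ';' inside a quoted string.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar tolerates empty directives ("a;;b")
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age="600" is allowed
        if not _TOKEN.fullmatch(name) or name in directives:
            return None  # malformed name, or a directive given twice
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is the one required directive
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def ua_action(scheme, header_value):
    """What a complying browser does with the header: ignore, forget or enforce."""
    if scheme != "https":
        return "ignore"  # over plain HTTP the header must be ignored
    policy = parse_hsts(header_value)
    if policy is None:
        return "ignore"
    if policy["max_age"] == 0:
        return "forget"  # max-age=0 removes the host from the HSTS list
    return "enforce"  # use HTTPS only for max_age seconds


if __name__ == "__main__":
    # Constructed sample responses: (scheme, header value)
    for scheme, hdr in [("https", "max-age=31536000; includeSubDomains"),
                        ("http", "max-age=31536000"),
                        ("https", "includeSubDomains"),
                        ("https", "max-age=0")]:
        print(scheme, repr(hdr), "->", ua_action(scheme, hdr))
```

The second and third samples are the cases that fail silently in practice: a header served only on the plain-HTTP listener, or one without `max-age`, looks present in a header scan but gives no protection.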