This post has really good info on HTTP security headers.
https://blog.appcanary.com/2017/http-security-headers.html
- X-XSS-Protection
- Content Security Policy
- HTTP Strict Transport Security (HSTS)
- HTTP Public Key Pinning (HPKP)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Cookie Options