There are a number of security headers that have been added to the HTTP specification that can provide defence-in-depth protection against certain vulnerabilities.
To help keep your website secure, you can add the HTTP headers below to its responses; they help prevent certain attacks against it.
Here are my definitions for each of them.
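X-Frame-Options: SAMEORIGIN - The browser renders the page in an iframe only when the embedding page is from the same origin.
X-Frame-Options: DENY - The browser doesn't render the page in an iframe at all.
X-Frame-Options: allow-from https://yesno.wtf/ - The browser renders the page in an iframe only when it is embedded by yesno.wtf.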
X-XSS-Protection: 0 - Browser disables XSS filtering.
X-XSS-Protection: 1 - Browser enables XSS filtering and sanitises the page if cross-site scripting has been detected.
X-XSS-Protection: 1; mode=block - Browser enables XSS filtering and blocks the page.
X-XSS-Protection: 1; report=https://yesno.wtf/ - Browser enables XSS filtering, sanitises the page and reports it to yesno.wtf.
X-Content-Type-Options: nosniff - Tells the browser not to sniff the content type of the response.
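
One way to add these headers to every response, shown as an added example that is not part of the original page: a Python WSGI middleware that sets each header unless the application already sent it. The names `SecurityHeaders`, `demo_app` and `response_headers` are hypothetical, and the default values are picked from the definitions above.

```python
# Added example; SecurityHeaders, demo_app and response_headers are hypothetical names.

DEFAULT_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}


class SecurityHeaders:
    """Wrap a WSGI app and add each header unless the app already set it."""
    def __init__(self, app, headers=None):
        self.app = app
        self.headers = dict(DEFAULT_HEADERS if headers is None else headers)

    def __call__(self, environ, start_response):
        def patched_start_response(status, response_headers, exc_info=None):
            # Header names are case-insensitive, so compare in lower case.
            present = {name.lower() for name, _ in response_headers}
            merged = list(response_headers)
            for name, value in self.headers.items():
                if name.lower() not in present:
                    merged.append((name, value))
            return start_response(status, merged, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    # Constructed sample app: it already sets its own, stricter framing policy.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("x-frame-options", "DENY")])
    return [b"<p>hello</p>"]


def response_headers(app):
    """Call a WSGI app once and return the list of headers it sent."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured["headers"]


if __name__ == "__main__":
    for name, value in response_headers(SecurityHeaders(demo_app)):
        print(f"{name}: {value}")
```

Because the comparison is case-insensitive, the application's own `x-frame-options: DENY` is kept and no second, conflicting framing header is appended.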