Suggested by Soumalya De – New
As per security compliance standards, most web applications, whether internal or external facing, should follow a defense-in-depth approach. The security-specific headers below are recommended.
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
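
One way to check a response for the two headers recommended above, as an added example that is not part of the original suggestion. The function names and the sample response are constructed for illustration.

```python
# Added example: audit a raw HTTP response head for the two recommended headers.

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                             # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def _xss_ok(value):
    # Accept "1; mode=block" with or without the space after the semicolon.
    return [p.strip().lower() for p in value.split(";")] == ["1", "mode=block"]

def _xfo_ok(value):
    # The value is a single token, matched case-insensitively.
    return value.strip().upper() == "SAMEORIGIN"

CHECKS = {"x-xss-protection": _xss_ok, "x-frame-options": _xfo_ok}

def audit(raw):
    """Return {header: finding} for each recommended header."""
    headers = parse_headers(raw)
    findings = {}
    for name, is_ok in CHECKS.items():
        values = headers.get(name, [])
        if not values:
            findings[name] = "missing"
        elif len(values) > 1:
            findings[name] = "duplicated"     # flag so conflicting copies get reviewed
        elif is_ok(values[0]):
            findings[name] = "ok"
        else:
            findings[name] = "unexpected value: " + values[0]
    return findings

# Constructed sample response, not captured from a real server.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "X-XSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>")

if __name__ == "__main__":
    for header, finding in audit(SAMPLE).items():
        print(header, "->", finding)
```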