Strict-Transport-Security | Enforces secure (HTTP over SSL/TLS) connections to the server. |
X-Frame-Options | Indicates whether a browser should be allowed to render a page in a `<frame>` or `<iframe>`. |
Content-Security-Policy | Helps prevent Cross-Site Scripting (XSS) attacks. |
X-Content-Type-Options | Prevents browsers from MIME-sniffing a response away from the declared content-type. |
Referrer-Policy | Controls how much referrer information should be included with requests. |
Permissions-Policy | Manages which browser features and APIs a page can use. |
X-XSS-Protection | Helps protect against Cross-Site Scripting (XSS) attacks. |
Expect-CT | Ensures that browsers enforce Certificate Transparency. |
Cache-Control | Directs caching mechanisms on how to handle the response. |
Access-Control-Allow-Origin | Controls which origins are allowed to access resources on the server. |