https://scotthelme.co.uk/how-widely-used-are-security-based-http-response-headers/
Content-Security-Policy
Content-Security-Policy-Report-Only
X-Webkit-Content-Security-Policy
X-Content-Security-Policy
Public-Key-Pins
Public-Key-Pins-Report-Only
Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
X-Download-Options
X-Permitted-Cross-Domain-Policies