This version deprecates the X-XSS-Protection and Feature-Policy headers based on this
Response Headers
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Content-Security-Policy
- X-Permitted-Cross-Domain-Policies
- Referrer-Policy
- Feature-Policy (almost deprecated)
- Public Key Pinning Extension for HTTP (HPKP) (deprecated)
- Expect-CT (almost deprecated)
- X-XSS-Protection (deprecated)