The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be upgraded to HTTPS.| MDN Web Docs
The HTTP Referrer-Policy response header controls how much referrer information (sent with the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML.| MDN Web Docs
The HTTP X-Frame-Options response header can be used to indicate whether a browser should be allowed to render a page in a ,| MDN Web Docs