X-Frame-Options: isn't found. It can leak to clickjacking attack Content-Type-Options: isn't found. Can cause XSS attack against users with Internet Explorer in specific situation Content-Security-Policy: isn't found. CSP - special header which can help prevent cross-site scripting (XSS) and related attacks