Add HTTP security headers

Created by: M4LuZ

Expected Behavior

Over the last few years, a good number of security enhancements have been included in the HTTP standard. Some of them are configured by the server sending defined HTTP header bits. Thus we should have a look at whether we can implement these without breaking current functionality. Examples would be:

  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Strict-Transport-Security

More can be found, for example, at the OWASP Secure Headers Project.

Current Behavior

Headers aren't set. Default browser options are used.

Possible Solution

Set headers per default to recommended setting, fix compatibility issues if possible, change header value otherwise.

Context

To get LS up to the current state-of-the-art in this regard.
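An added example, not part of the original issue or the project's code: a small audit function that checks a response's headers for the four headers listed above, so a "headers aren't set" regression can be caught in a test. The accepted values, the `MIN_HSTS_MAX_AGE` threshold, the function name and the sample responses are assumptions made for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold (180 days), not taken from the issue


def audit_headers(headers, https=True):
    """Return {header: finding}; an empty dict means all four headers pass."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.strip().lower(): v.strip() for k, v in headers.items()}
    findings = {}

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings["X-Frame-Options"] = "missing"
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings["X-Frame-Options"] = f"unexpected value {xfo!r}"

    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings["X-Content-Type-Options"] = "missing"
    elif xcto.lower() != "nosniff":
        findings["X-Content-Type-Options"] = f"unexpected value {xcto!r}"

    xxp = h.get("x-xss-protection")
    if xxp is None:
        findings["X-XSS-Protection"] = "missing"
    elif not re.fullmatch(r"[01](\s*;.*)?", xxp):
        findings["X-XSS-Protection"] = f"unexpected value {xxp!r}"

    # Browsers ignore HSTS received over plain HTTP, so only check it for HTTPS.
    if https:
        sts = h.get("strict-transport-security")
        m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)', sts or "", re.I)
        if sts is None:
            findings["Strict-Transport-Security"] = "missing"
        elif m is None:
            findings["Strict-Transport-Security"] = "no max-age directive"
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings["Strict-Transport-Security"] = f"max-age {m.group(1)} too short"
    return findings


# Constructed sample responses (not captured from a real server).
SAMPLE_DEFAULT = {"Content-Type": "text/html"}
SAMPLE_HARDENED = {"x-frame-options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
                   "X-XSS-Protection": "1; mode=block",
                   "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_headers(sample) or "all four headers OK")
```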