- Content Security Policy
  Restricts the origin of loaded content
- X-Frame-Options
  Stops clickjacking
- X-Content-Type-Options
  Controls file uploads
- Strict-Transport-Security
  Never falls back to HTTP
Source: http://www.ibuildings.com/blog/2013/03/4-http-security-headers-you-should-always-be-using
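
A quick way to check a response for these four headers, as an added example that is not taken from the linked article. The function names, the pass criteria (for instance requiring `default-src`, or accepting CSP `frame-ancestors` in place of X-Frame-Options) and the two sample responses are assumptions constructed for illustration.

```python
# Added example: audit a raw HTTP response for the four headers listed above.
# Pass criteria and sample responses are assumptions constructed for illustration.

def parse_headers(raw):
    """Return {lowercase name: value}; a repeated header keeps its last value."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a list of findings; an empty list means all four checks passed."""
    h = parse_headers(raw)
    findings = []
    csp = h.get("content-security-policy", "")
    directives = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if not directives:
        findings.append("Content-Security-Policy: missing")
    elif "default-src" not in directives:
        findings.append("Content-Security-Policy: no default-src fallback")
    # CSP frame-ancestors gives the same framing control as X-Frame-Options.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in directives:
        findings.append("X-Frame-Options: missing or invalid")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not 'nosniff'")
    max_age = 0
    for part in h.get("strict-transport-security", "").split(";"):
        key, _, val = part.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            max_age = int(val)
    if max_age <= 0:  # max-age=0 tells the browser to forget the HSTS policy
        findings.append("Strict-Transport-Security: missing or max-age=0")
    return findings

GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Content-Security-Policy: default-src 'self'\r\nX-Frame-Options: DENY\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n<html></html>")
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-Frame-Options: ALLOWALL\r\nStrict-Transport-Security: max-age=0\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(resp) or "all four headers OK")
```

Strict-Transport-Security is only honoured by browsers when it arrives over HTTPS, so run the check against the HTTPS response rather than a plain-HTTP redirect.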