https://300m.com/security/advanced-security-headers/
I have some great security headers on this blog, but they are added using a single checkbox on the Sucuri WAF (web application firewall) this site uses. This is what they look like:
x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff
…
Source: Security Feed