SecureHeaders
The gem will automatically apply several headers that are related to security. This includes:
Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. CSP 1.1 Specification
HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS Specification
X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. X-Frame-Options draft
X-XSS-Protection - Cross-site scripting heuristic filter for IE/Chrome
X-Content-Type-Options - Prevent content type sniffing
For additional information on the SecureHeaders implementation, see https://github.com/twitter/secureheaders
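The list above names the headers but not what setting and checking them looks like in practice. The following is an added example in Ruby, not code from the secure_headers gem or from Twitter: a minimal Rack-style middleware that attaches the five headers to every response, and an audit helper that reports which of them a response is missing or has set to a weak value. The default header values, the class and function names, and the checks are assumptions chosen as sensible starting points, not the gem's own defaults or API.

```ruby
# Added example, not the secure_headers gem's own code.
# DEFAULT_SECURITY_HEADERS holds assumed, reasonable values for the five
# headers discussed on this page; tune them per application.
DEFAULT_SECURITY_HEADERS = {
  # CSP: load resources only from our own origin, no plugins, no framing.
  'Content-Security-Policy'   => "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  # HSTS: one year, including subdomains, so the browser never tries http://.
  'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
  # XFO: refuse to be framed at all (clickjacking defence for older browsers).
  'X-Frame-Options'           => 'DENY',
  # Legacy XSS filter for IE/Chrome: on, and block the page rather than sanitise.
  'X-XSS-Protection'          => '1; mode=block',
  # Never let the browser guess a MIME type that differs from Content-Type.
  'X-Content-Type-Options'    => 'nosniff'
}.freeze

# Rack-style middleware (hypothetical name): wraps any app and adds the
# headers to every response. Headers the app already set are left alone,
# so an individual route can override the defaults.
class SecurityHeadersMiddleware
  def initialize(app, overrides = {})
    @app = app
    @headers = DEFAULT_SECURITY_HEADERS.merge(overrides)
  end

  def call(env)
    status, headers, body = @app.call(env)
    @headers.each { |name, value| headers[name] = value unless headers.key?(name) }
    [status, headers, body]
  end
end

# Audit helper (hypothetical name): given a response's headers as a Hash
# (looked up case-insensitively), returns an Array of findings.
# An empty Array means all five headers are present and not obviously weak.
def audit_security_headers(headers)
  lookup = headers.transform_keys { |k| k.to_s.downcase }
  findings = []

  DEFAULT_SECURITY_HEADERS.each_key do |name|
    findings << "missing #{name}" unless lookup.key?(name.downcase)
  end

  # HSTS with max-age=0 tells the browser to forget the policy; flag it.
  if (hsts = lookup['strict-transport-security'])
    max_age = hsts[/max-age=(\d+)/i, 1].to_i
    findings << 'Strict-Transport-Security max-age is zero (disables HSTS)' if max_age.zero?
  end

  # Only DENY and SAMEORIGIN are reliably honoured; anything else is suspect.
  if (xfo = lookup['x-frame-options']) && !%w[DENY SAMEORIGIN].include?(xfo.upcase)
    findings << "X-Frame-Options value #{xfo.inspect} is not DENY or SAMEORIGIN"
  end

  if (xcto = lookup['x-content-type-options']) && xcto.downcase != 'nosniff'
    findings << 'X-Content-Type-Options must be nosniff'
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample app: sets its own X-Frame-Options, relies on the
  # middleware for the rest.
  app = ->(_env) { [200, { 'Content-Type' => 'text/html', 'X-Frame-Options' => 'SAMEORIGIN' }, ['<p>hi</p>']] }
  _status, headers, _body = SecurityHeadersMiddleware.new(app).call({})
  headers.each { |k, v| puts "#{k}: #{v}" }
  puts "findings: #{audit_security_headers(headers).inspect}"
end
```

Wrapping an application with `SecurityHeadersMiddleware.new(app)` is the deployment step; `audit_security_headers` is the check to run in a test suite or against captured responses so that a route which accidentally drops or weakens a header is caught before it ships.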