Security headers are directives used by web applications to configure security defenses in web browsers. Based on these directives, browsers can make it more difficult to exploit client-side vulnerabilities such as Cross-Site Scripting or Clickjacking.