Hacker News
by martinrue 3945 days ago
For people using Node/Express, Helmet is a useful little library that lets you add these security headers and CSP pretty easily: https://github.com/helmetjs/helmet
2 comments

This is the counterpart for Ruby: https://github.com/twitter/secureheaders
Lusca[1] is the NPM module for use with Express that comes in the KrakenJS middleware (open sourced by PayPal).

    app.use(lusca.csrf());
    app.use(lusca.csp({ /* ... */}));
    app.use(lusca.xframe('SAMEORIGIN'));
    app.use(lusca.p3p('ABCDEF'));
    app.use(lusca.hsts({ maxAge: 31536000 }));
    app.use(lusca.xssProtection(true));

[1] https://github.com/krakenjs/lusca
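
An added example, not part of the thread and not code from Helmet, secureheaders or Lusca: a small Node.js check that audits a response's headers for the protections these libraries set (CSP, X-Frame-Options, HSTS). The function name `auditHeaders`, the one-year HSTS floor and both sample header sets are assumptions constructed for illustration.

```javascript
// Added example: check response headers for the protections named in the thread.
// The sample header sets at the bottom are constructed for illustration.

// Policy floor (assumption): one year, the maxAge value used in the snippet above.
const MIN_HSTS_MAX_AGE = 31536000;

// Each check gets the header value and returns a problem string, or null if acceptable.
const CHECKS = {
  'content-security-policy': (v) =>
    /(^|[;,])\s*(default-src|script-src)\s/i.test(v) ? null : 'no default-src or script-src directive',
  'x-frame-options': (v) =>
    /^(deny|sameorigin)$/i.test(v.trim()) ? null : `unexpected value "${v}"`,
  'strict-transport-security': (v) => {
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(v);
    if (!m) return 'missing max-age';
    return Number(m[1]) >= MIN_HSTS_MAX_AGE ? null : `max-age ${m[1]} below ${MIN_HSTS_MAX_AGE}`;
  },
};

function auditHeaders(rawHeaders) {
  // Header names are case-insensitive; repeated headers arrive as arrays in Node.
  const headers = {};
  for (const [k, v] of Object.entries(rawHeaders)) {
    headers[k.toLowerCase()] = Array.isArray(v) ? v.join(', ') : String(v);
  }
  const findings = [];
  for (const [name, check] of Object.entries(CHECKS)) {
    if (!(name in headers)) {
      // A report-only CSP logs violations but blocks nothing.
      const reportOnly = name === 'content-security-policy' &&
        'content-security-policy-report-only' in headers;
      findings.push({ header: name, problem: reportOnly ? 'report-only, not enforced' : 'missing' });
      continue;
    }
    const problem = check(headers[name]);
    if (problem) findings.push({ header: name, problem });
  }
  return findings;
}

// Constructed samples: one hardened response, one with three weaknesses.
const hardened = { 'Content-Security-Policy': "default-src 'self'",
  'X-Frame-Options': 'SAMEORIGIN', 'Strict-Transport-Security': 'max-age=31536000' };
const weak = { 'Content-Security-Policy-Report-Only': "default-src 'self'",
  'X-Frame-Options': 'ALLOW-FROM https://example.test', 'strict-transport-security': 'max-age=0' };

console.log(auditHeaders(hardened));
console.log(auditHeaders(weak));
```

The same function can be pointed at `res.getHeaders()` in an integration test to catch a deployment where the middleware was dropped or misconfigured.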