Feature request: Add security-related headers/cookie attributes

[arcuses]

Thanks for the software. Hoping you can help with adding some security-related headers to the server responses.

The following headers in particular:

• X-Frame-Options: DENY
  • As per MDN docs, "Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites."
• Cache-Control: no-store
  • Prevents caching of pages (e.g. ones that require authentication)
• Pragma: no-cache
  • HTTP 1.0 version of Cache-Control (HTTP 1.1)

Regarding cookies, the httpOnly attribute could be added to the mokey-sessck cookie. This prevents JavaScript from reading the cookie.

[aebruno]

@arcuses Thanks for submitting this. Will take a look and get these added.

[aebruno]

@arcuses If you get a chance, please review #59