Add security headers to prevent XSS

Some browsers such as Internet Explorer require the ​nosniff header to be set and potentially dangerous characters to be encoded. Otherwise other websites embedding this resource could trigger a XSS vulnerability.

