The OWASP Secure Headers Project aims to set security parameters related to HTTP response headers that balance usability and security. The X-XSS-Protection header is designed to defend web applications against reflective XSS attacks. Setting this HSTS header can help protect applications against protocol downgrade attacks, such as Poodle.com attacks, clickjacking, cross-site request forgery and other threat vectors. These best practices provide a layer of security to help users mitigate certain types of attacks and vulnerabilities.”]
Source: https://securityintelligence.com/an-introduction-to-http-response-headers-for-security/