You may have received a vulnerability report/scan stating that you need to fix 'HTTP Security Header Not Detected' on some web servers.
We'll mitigate three different things: X-Frame-options, X-XSS-Protection and X-Content-Type-Options
First, run curl to test your server:
curl -I...