Security Headers: Whys and Hows

Our story (or, a vulnerability mitigated)