HTTP Security headers are security mechanisms that you can use to protect your web application. Those headers provide extra protection layers. This is a fundamental part of web application security. You can easily configure your web application and implement required security header information for your application. After the implementation, these security headers protect your application against the type of attacks such as XSS, code injection, clickjacking, etc.
Basically, when a browser requests a URL from a web server, the server responds with the content along with HTTP headers.