Tighten HTTP headers #116
Description
I personally use https://github.com/helmetjs/helmet, but we try doing it manually if you think it'd be better. I personally don't try to reinvent the wheel when possible :)
If we go with the helmet approach we might want to disable HSTS so that we don't introduce broken sites for people.
Ideally, controlling the middlewares like favicon, helmet, cache etc should be configurable so that everyone does what they need to and so that we don't have another thing to worry about, apart from some sane defaults :)