Protect your site from XSS, Clickjacking, and common vulnerabilities.
Default is 'self' for maximum security.