And you can also add custom headers like the below code:
procedure TUniServerModule.UniGUIServerModuleHTTPCommand(
ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo;
var Handled: Boolean);
begin
AResponseInfo.CustomHeaders.AddValue('X-Content-Type-Options', 'nosniff');
AResponseInfo.CustomHeaders.AddValue('X-Frame-Options', 'SAMEORIGIN');
AResponseInfo.CustomHeaders.AddValue('X-XSS-Protection', '1; mode=block');
end;