Java developers surely have already heard of or even used some of the many available HTTP response headers in their web applications. Some of these response headers promise to have a positive impact on the security on the client side, but they are not widely used yet, even in newly developed web applications. This results in giving away relatively easily attainable security benefits. This session introduces attendees to different security-related response headers and intends to direct their attention to the unjustifiably low usage of these security headers. Besides presenting an introduction and taking a closer look at response header properties, the session explains how to correctly configure and integrate them into a Java web application. Filmed at JavaOne 2014.