Overwrites some Drupal features to security hardening.

  • Remove head meta tag generator to reduce fingerprint software information.
  • Adds XSS protection header in block mode.
  • Adds Strict-Transport-Security header to tell browsers that the site it should only be accessed using HTTPS.
  • Prevents user enumeration using password request form. Drupal core shows different messages when you input a valid or invalid email o username, this module equals messages in both situations to avoid user enumeration.
https://www.drupal.org/project/security_hardening