Hotlink protection — allows you to prevent the process of embedding files from your site on someone else’s (disabled by default).
HTTP Strict-Transport-Security (HSTS) header — a response header (often abbreviated as HSTS) that allows websites to notify the browser that they should only be accessed via HTTPS instead of HTTP. Disabled by default.
Cross-Origin Resource Sharing (CORS) — header is a header that specifies which resources can access the CDN for content. Disabled by default. Enabling CORS adds the Access-Control-Allow-Origin header “*”.