HTTP headers should be made more secure, for example by removing headers such as x-powered-by and adding some headers to stop things such as mime type sniffing.