Very minor changes, just adding some default headers in the event people don't configure this on their webserver. Also updating some packages to resolve open security alerts.
