Secure Headers are not in use

[mboudreau]

Was looking at the codebase for some stuff I've done in the past and noticed this:

setupFrontendApp(app);
secureHeaders(app);

Since it's using the express use concept, and that it's "using" after the router is setup, that means that all secure headers are essentially ignored until after the routes are completed, which means that this isn't securing anything.

I'm not sure what's being accomplished by having the security headers in a separate function since it's only used once? Why not just add it inline with all other express app settings right before the router is used?