It helps in preventing Cross Site Scripting (XSS) with just a few lines of code. Just activate it, no settings, no bloat. It will not stop all the Cross Site Scripting injections, but with a very few lines of code you will drastically increase the security of your website without worsening the performance. You can read more about what it does at https://josemortellaro.com/how-to-prevent-cross-site-scripting-xss/..