diff --git a/docs/security/measures.md b/docs/security/measures.md
index 12bd1c56..d1410e6c 100644
--- a/docs/security/measures.md
+++ b/docs/security/measures.md
@@ -89,10 +89,15 @@ that users who have access to the database do not also have access to this key.
The encrypted data in the database is as follows:
-| Table | Column | Rational |
-|:-------------------:|:----------:|:------------------------------------------------------------------------------------------------------:|
-| totp_configurations | secret | Prevents a [Leaked Database](#leaked-database) or [Bad Actors](#bad-actors) from compromising security |
-| webauthn_devices | public_key | Prevents [Bad Actors](#bad-actors) from compromising security |
+| Table | Column | Rational |
+|:---------------------------------:|:------------:|:------------------------------------------------------------------------------------------------------:|
+| totp_configurations | secret | Prevents a [Leaked Database](#leaked-database) or [Bad Actors](#bad-actors) from compromising security |
+| webauthn_devices | public_key | Prevents [Bad Actors](#bad-actors) from compromising security |
+| oauth2_authorization_code_session | session_data | Prevents [Bad Actors](#bad-actors) from compromising security |
+| oauth2_access_token_session | session_data | Prevents [Bad Actors](#bad-actors) from compromising security |
+| oauth2_refresh_token_session | session_data | Prevents [Bad Actors](#bad-actors) from compromising security |
+| oauth2_pkce_request_session | session_data | Prevents [Bad Actors](#bad-actors) from compromising security |
+| oauth2_openid_connect_session | session_data | Prevents [Bad Actors](#bad-actors) from compromising security |
### Leaked Database
@@ -224,77 +229,70 @@ feature, and set the [expiration](../configuration/session/index.md#expiration)
manner would mean if the cookie age was more than 2 hours or if the user was inactive for more than 10 minutes the
session would be destroyed.
-### Additional proxy protection measures
+### Response Headers
-You can also apply the following headers to your proxy configuration for improving security. Please read the
-relevant documentation for these headers before applying them blindly.
+This document previously detailed additional per-proxy configuration options that could be utilized in a proxy to
+improve security. These headers are now documented here and implemented by default in all responses due to the fact
+the experience should be the same regardless of which proxy you're utilizing and the area is rapidly evolving.
-#### nginx
+Users who need custom behaviours in this area can submit a request or remove/replace the headers as necessary.
-```
-# We don't want any credentials / TOTP secret key / QR code to be cached by
-# the client
-add_header Cache-Control "no-store";
-add_header Pragma "no-cache";
+#### X-Content-Type-Options
-# Clickjacking / XSS protection
+**Value:** `nosniff`
+**Endpoints:** All
-# We don't want Authelia's login page to be rendered within a ,
-#