It helps in preventing Cross Site Scripting (XSS) with just a few lines of code.
Just activate it, no settings, no bloat.
It will not stop all the Cross Site Scripting injections, but with a very few lines of code you will drastically increase the security of your website without worsening the performance.
You can read more about what it does at
https://josemortellaro.com/how-to-prevent-cross-site-scripting-xss/..