What are the best practices for configuring and managing common response headers in a serverless architecture? I’m looking to ensure consistent security and performance headers across all my serverless functions, and I’d like to hear about your recommendations and experiences in this regard.