dawnscanner: Security Related Headers check failed, to fix or not to fix and how?

I run dawn on a Rails 4 project and got this

09:28:58 [$] dawn: Description: To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.
09:28:58 [$] dawn: Solution: Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project.
...

I have no idea of what those headers are about so I googled for them and found https://coderwall.com/p/k7xlxa. Apparently they are already used by Rails 4. I checked a Rails 4 application of mine and got them in the response

X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

So is Rails 4 already safe? If this is the case, should dawn still warn me about those headers?

I believe there is a more general problem. I’m not a security professional and there will be many people like me in the intended audience of dawn. I need either time to really understand why a vulnerability is a vulnerability or plain Ruby code to use in my projects to fix vulnerabilities. Falling back to the second option, the message “Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project” is not so useful because I don’t know how to use those headers (which values?) and where to put them (first guess, some callback in ActionController to set headers on all responses but I thought only 1 second about it.)
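The "plain Ruby code" the post asks for, as an added example that is neither dawnscanner's nor Rails' own code. In a Rails 4 app the mechanism dawn's description refers to is the `config.action_dispatch.default_headers` hash in `config/application.rb`, which Rails populates with exactly the three values shown in the response above; a `before_action` that assigns `response.headers['X-Frame-Options'] = 'DENY'` is the per-controller way to override one of them. The block below reproduces that behaviour in plain Ruby so it runs without Rails: a Rack-style middleware that adds each default header unless the app already set it, plus a checker that reports which of dawn's three headers are missing from a response. The sample apps (`BARE_APP`, `STRICT_APP`) are constructed for the demonstration and are hypothetical.

```ruby
# Added example, not code from dawnscanner or Rails. Mirrors what Rails 4's
# config.action_dispatch.default_headers does, in plain Ruby (no gems needed).

# The three headers dawn names, with the values Rails 4 ships by default.
SECURITY_HEADERS = {
  'X-Frame-Options'        => 'SAMEORIGIN',    # clickjacking: allow only same-origin framing
  'X-XSS-Protection'       => '1; mode=block', # legacy browser XSS filter, block mode
  'X-Content-Type-Options' => 'nosniff',       # forbid MIME sniffing of the response body
}.freeze

# Returns the names of required headers that are absent or empty in +headers+.
# Header names are compared case-insensitively, as HTTP requires.
def missing_security_headers(headers, required = SECURITY_HEADERS)
  present = headers.each_with_object({}) { |(k, v), h| h[k.to_s.downcase] = v }
  required.keys.reject do |name|
    value = present[name.downcase]
    value && !value.to_s.strip.empty?
  end
end

# Rack-style middleware: adds each default header unless the application already
# set it (an app-level 'DENY' wins over the default 'SAMEORIGIN'). The rack gem
# is not required: a Rack app is anything whose #call(env) returns
# [status, headers, body].
class DefaultSecurityHeaders
  def initialize(app, defaults = SECURITY_HEADERS)
    @app = app
    @defaults = defaults
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    already_set = headers.keys.map { |k| k.to_s.downcase }
    @defaults.each do |name, value|
      headers[name] = value unless already_set.include?(name.downcase)
    end
    [status, headers, body]
  end
end

# Constructed sample apps (hypothetical): one sets no security headers at all,
# one sets a stricter X-Frame-Options than the default.
BARE_APP   = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['<h1>hi</h1>']] }
STRICT_APP = ->(_env) { [200, { 'Content-Type' => 'text/html', 'X-Frame-Options' => 'DENY' }, ['<h1>login</h1>']] }

# Response headers after the middleware has processed +app+.
def headers_after(app, env = {})
  DefaultSecurityHeaders.new(app).call(env)[1]
end

if __FILE__ == $0
  puts "bare app, missing:          #{missing_security_headers(BARE_APP.call({})[1]).inspect}"
  puts "wrapped bare app, missing:  #{missing_security_headers(headers_after(BARE_APP)).inspect}"
  puts "wrapped strict app X-Frame-Options: #{headers_after(STRICT_APP)['X-Frame-Options']}"
end
```

`missing_security_headers` is the check dawn is effectively performing; running it against a real response (for example the headers from `curl -I` of a running app) tells you whether the defaults are actually reaching the client, which is the question the post raises. One caveat beyond what the page says: the `X-XSS-Protection` filter has since been removed from current browsers, so its presence no longer provides protection; the other two headers remain meaningful.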

About this issue

  • Original URL
  • State: open
  • Created 10 years ago
  • Reactions: 1
  • Comments: 15 (5 by maintainers)

Most upvoted comments

Hi guys, I’ll double check how Rails 4 handles those headers and eventually I’ll disable the check for Rails version >=4