Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
var express = require('express');
var app = express();
app.disable('x-powered-by'); // disable X-Powered-By header
app.use(function(req, res, next){
res.header('X-XSS-Protection', '1; mode=block');
res.header('X-Frame-Options', 'deny');
res.header('X-Content-Type-Options', 'nosniff');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.