x-frame-options
v1.0.0
Published
Express middleware to add an X-Frame-Options response header
Downloads
11,193
Maintainers
Readme
x-frame-options express middleware
Express middleware to add an X-Frame-Options response header
The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe>
element or not.
This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites.
See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.
Example
var express = require('express')
var app = express()
var xFrameOptions = require('x-frame-options')
app.use(xFrameOptions())
app.get('/', function (req, res) {
res.get('X-Frame-Options') // === 'Deny'
})
app.listen(3000)
Usage
var xFrameOptions = require('x-frame-options')
var middleware = xFrameOptions(headerValue = 'Deny')
Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.
Installation
npm install x-frame-options --save
Credits
License
Licensed under the New BSD License