x-frame-options

1.0.0 • Public • Published

x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

build status

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

  var express = require('express')
  var app = express()
  var xFrameOptions = require('x-frame-options')
 
  app.use(xFrameOptions())
 
  app.get('/', function (req, res) {
    res.get('X-Frame-Options') // === 'Deny'
  })
 
  app.listen(3000)

Usage

  var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License

Package Sidebar

Install

npm i x-frame-options

Weekly Downloads

3,735

Version

1.0.0

License

BSD-2-Clause

Last publish

Collaborators

  • domharrington