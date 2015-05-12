x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

var express = require ( 'express' ) var app = express() var xFrameOptions = require ( 'x-frame-options' ) app.use(xFrameOptions()) app.get( '/' , function ( req, res ) { res.get( 'X-Frame-Options' ) }) app.listen( 3000 )

Usage

var xFrameOptions = require ( 'x-frame-options' )

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame- options

Credits

Dom Harrington

License

Licensed under the New BSD License