x-frame-options

Express middleware to add an X-Frame-Options response header

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
x-frame-options
1111.0.09 years ago10 years agoMinified + gzip package size for x-frame-options in KB

Readme

x-frame-options express middleware
Express middleware to add an X-Frame-Options response header
build status
The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

var express = require('express')
var app = express()
var xFrameOptions = require('x-frame-options')

app.use(xFrameOptions())

app.get('/', function (req, res) {
  res.get('X-Frame-Options') // === 'Deny'
})

app.listen(3000)

Usage

var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License