dpjayasekara
2/17/2016 - 4:51 AM

nodesec-manual-headers

nodesec-manual-headers

var express = require('express');
var app = express();

app.disable('x-powered-by');   // disable X-Powered-By header

app.use(function(req, res, next){
  res.header('X-XSS-Protection', '1; mode=block');
  res.header('X-Frame-Options', 'deny');
  res.header('X-Content-Type-Options', 'nosniff');
  next();
});