From 72fc2e70685c4dcaa91437d7d80f0f2efdd67723 Mon Sep 17 00:00:00 2001
From: Caleb James DeLisle
Date: Thu, 6 Oct 2016 23:02:30 +0200
Subject: [PATCH] Chuck a few more super-duper-security headers in there

---
 server.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server.js b/server.js
index 26e9d98ec..b6dc9d9dd 100644
--- a/server.js
+++ b/server.js
@@ -41,6 +41,11 @@ app.use(function (req, res, next) {
 // documents in ckeditor.
 "img-src data: *"
 ].join('; '));
+
+ res.setHeader('X-XSS-Protection', '1; mode=block');
+ res.setHeader('X-Content-Type-Options', 'nosniff');
+ res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+
 next();
 });
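Review bot: The added `X-XSS-Protection: 1; mode=block` line enables the legacy browser XSS auditor, which current browsers have removed and which in older ones could itself be used to leak page state across origins. Current OWASP guidance is to send `res.setHeader('X-XSS-Protection', '0');` or omit the header, and to rely on the Content-Security-Policy built just above. `X-Frame-Options: SAMEORIGIN` is worth keeping for old clients, but the CSP array that ends in the context lines could also carry `"frame-ancestors 'self'"` so that framing is governed by the same policy. That array and the middleware start outside the hunk, so check it is not already there. A short comment such as `// nosniff: no MIME sniffing; SAMEORIGIN: clickjacking defence` would record why each header is set.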