Chuck a few more super-duper-security headers in there

2016-10-06 23:02:30 +02:00
parent f8ac3a6ad3
commit 72fc2e7068
1 changed files with 5 additions and 0 deletions
@@ -41,6 +41,11 @@ app.use(function (req, res, next) {
        //       documents in ckeditor.
        "img-src data: *"
    ].join('; '));
+
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+
    next();
 });