Node Guard
General purpose I/O module to add following http headers to keep your webpages securing them from malware attacks. This module can be used with any node http server.
X-XSS-Protection
X-XSS-Protection
http header saves you from XSS
attacks. node-guard
will set up X-XSS-Protection
header on all modern browsers and will disable it for older versions of IE as they have security vulnerabilities defined here https://technet.microsoft.com/library/security/ms10-002.
const http = const guard = const options = enabled: true enableOnOldIE: false http
X-Frame-Options
X-Frame-Options
defines whether your webpage can be embedded as an iframe to other website. It can take 3 different values from ALLOW-FROM
, DENY
and SAMEORIGIN
const http = const guard = const options = 'DENY' // cannot be embedded at all// orconst options = 'SAMEORIGIN' // only this website// orconst options = 'ALLOW-FROM http://example.com' // defined uri http
X-Content-Type-Options
X-Content-Type-Options
disables sniffing from web browsers, where they will try to sniff
mimetypes. Which means a web browser will execute the javascript file even if the content-type
of that file is not set to javascript
. Give it a read https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
const http = const guard = const options = true // or false http
X-Download-Options
IE specific header to stop users from executing html files with the access to your site context. Here is a good read on same https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/.
const http = const guard = const options = true // or false http