Middleware to set the X-XSS-Protection header

gkoberger/x-xss-protection

X-XSS-Protection middleware

Looking for a changelog?

The X-XSS-Protection HTTP header is a basic protection against XSS. It was originally introduced by Microsoft, but Chrome has since adopted it as well.

This middleware sets the X-XSS-Protection header. On modern browsers, it sets the value to 1; mode=block. On old versions of Internet Explorer, enabling the filter creates a vulnerability (see here and here), so for those browsers the header is set to 0 to disable it.

To use this middleware:

var xssFilter = require('x-xss-protection')
app.use(xssFilter())

To force the header to be set to 1; mode=block on all versions of IE, add the option:

app.use(xssFilter({ setOnOldIE: true }))
// This has some security problems for old IE!
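
The per-browser decision and the setOnOldIE override described above, as an added sketch that is not this module's source code. The version cutoff for "old" IE, the function names and the sample User-Agent strings are assumptions made for illustration; the README does not state a cutoff.

```javascript
// Added sketch of the behaviour the README describes; not the module's source.
// Assumption: "old IE" means an MSIE major version below OLD_IE_CUTOFF. The
// README does not state the cutoff, so 9 is an illustrative choice.
const OLD_IE_CUTOFF = 9

// Decide the header value for one request's User-Agent string.
// A missing User-Agent is treated as a modern browser (assumption).
function headerValueFor (userAgent, options) {
  if (options && options.setOnOldIE) return '1; mode=block'
  const match = /msie\s*(\d+)/i.exec(userAgent || '')
  const isOldIE = match !== null && parseInt(match[1], 10) < OLD_IE_CUTOFF
  return isOldIE ? '0' : '1; mode=block'
}

// Connect-style middleware built on the decision function (hypothetical name).
function xssFilterSketch (options) {
  return function (req, res, next) {
    res.setHeader('X-XSS-Protection', headerValueFor(req.headers['user-agent'], options))
    next()
  }
}

// Run the middleware against a stub request/response and return the header it set.
function headerSetFor (userAgent, options) {
  const headers = {}
  const req = { headers: userAgent === undefined ? {} : { 'user-agent': userAgent } }
  const res = { setHeader: (name, value) => { headers[name] = value } }
  let nextCalled = false
  xssFilterSketch(options)(req, res, () => { nextCalled = true })
  if (!nextCalled) throw new Error('middleware did not call next()')
  return headers['X-XSS-Protection']
}

// Constructed User-Agent strings, for illustration only.
const SAMPLE_AGENTS = {
  ie8: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)',
  ie10: 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)',
  chrome: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36'
}

for (const [name, ua] of Object.entries(SAMPLE_AGENTS)) {
  console.log(name, '->', headerSetFor(ua), '| setOnOldIE ->', headerSetFor(ua, { setOnOldIE: true }))
}
```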
