[Security][Clickjacking]-Adding X-Frame-Options and X-Frame-Options header to prevent clickjacking

abhinav-koppula · abhinav-koppula · commit 59813d2d1ed3 · 2022-09-23T06:39:02.000+05:30
diff --git a/server.js b/server.js
@@ -23,6 +23,8 @@ app.use((req, res, next) => {
   res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
   res.header('Cache-control', 'public, max-age=0');
   res.header('Pragma', 'no-cache');
+  res.setHeader('X-Frame-Options', 'DENY');
+  res.setHeader('Content-Security-Policy', "frame-ancestors 'none';");
 
   next();
 });
