From 59813d2d1ed38dfa84c3c2eca1970f0b5fbfe765 Mon Sep 17 00:00:00 2001
From: Abhinav Koppula
Date: Sun, 4 Sep 2022 17:11:28 +0530
Subject: [PATCH] [Security][Clickjacking]-Adding X-Frame-Options and X-Frame-Options header to prevent clickjacking
---
 server.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server.js b/server.js
index 7aa29253..eaccf988 100644
--- a/server.js
+++ b/server.js
@@ -23,6 +23,8 @@ app.use((req, res, next) => {
 res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
 res.header('Cache-control', 'public, max-age=0');
 res.header('Pragma', 'no-cache');
+ res.setHeader('X-Frame-Options', 'DENY');
+ res.setHeader('Content-Security-Policy', "frame-ancestors 'none';");
 next();
 });
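Review bot: The added `res.setHeader('Content-Security-Policy', "frame-ancestors 'none';")` line writes the entire CSP header, so any handler or middleware that sets `Content-Security-Policy` later on the same response replaces it and silently drops the framing restriction, and this line would likewise replace a policy set earlier; the hunk does not show whether another policy exists, so that should be confirmed. If the app has or gains a fuller policy, `frame-ancestors 'none'` belongs inside that single policy string rather than in a separate call. A short comment above the two lines would help the next reader: `// X-Frame-Options is the legacy fallback; browsers that support CSP frame-ancestors use that directive instead`. The new lines also call `res.setHeader` where the surrounding lines call `res.header`, so switching to `res.header('X-Frame-Options', 'DENY');` keeps the block uniform. The middleware begins above the hunk, so whether static assets and error responses pass through it (and receive these headers) cannot be checked from here.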