You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Evan Hahn edited this page May 27, 2020
·
1 revision
Previous versions of Helmet and x-xss-protection allowed you to remove the mode=block directive. This functionality was removed because it is not recommended.
If you still need to do that, you can write your own small middleware:
// NOTE: This is discouraged.app.use((req,res,next)=>{res.setHeader("X-XSS-Protection","1");next();});