SecurityOptions

Index

Properties

• csp
• csrf
• hsts
• noopen
• nosniff
• xframe
• xssProtection

Properties

csp

csp: Partial<SecurityCSPOptions>

content security policy config default not enable

csrf

csrf: Partial<SecurityCSRFOptions>

whether defend csrf attack default enable and use cookie

hsts

hsts: Partial<SecurityHSTSOptions>

whether enable Strict-Transport-Security response header default not enable and maxAge equals one year

noopen

noopen: Partial<SecurityEnableOptions>

whether enable IE automaticlly download open default not enable

nosniff

nosniff: Partial<SecurityEnableOptions>

whether enable IE8 automaticlly dedect mime default not enable

xframe

xframe: Partial<SecurityXFrameOptions>

whether enable X-Frame-Options response header default enable and value equals SAMEORIGIN

xssProtection

xssProtection: Partial<SecurityXSSProtectionOptions>

whether enable IE8 XSS Filter, default is open default enable