You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Evan Hahn edited this page May 27, 2020
·
1 revision
Previous versions of Helmet and x-xss-protection allowed you to add the report directive. This functionality was removed because enabling this header is no longer recommended.
If you still need to set a report directive for some reason, you can write your own small middleware:
// NOTE: This is discouraged.app.use((req,res,next)=>{res.setHeader("X-XSS-Protection","1; mode=block; report=/report-path");next();});