Security Headers - Vikash Viraj

How to do that?

Well,

Use X-Content-Type-Options to prevent MIME type sniffing.
Implement X-Frame-Options to avoid clickjacking attacks.
Set X-XSS-Protection to active the browser’s XSS filter.

Example:

app.use((req, res, next) => {
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  next();
});

Want to learn more? Check out the OWASP Secure Headers Project