{"library":"x-frame-options","type":"library","category":null,"description":"The `x-frame-options` package provides a simple Express middleware to set the `X-Frame-Options` HTTP response header, a security mechanism designed to prevent clickjacking attacks by controlling whether a page can be rendered within `<iframe>`, `<frame>`, `<embed>`, or `<object>` elements. Currently at version 1.0.0, the package was last published over a decade ago. While still functional, the `X-Frame-Options` header itself is considered a legacy solution in modern web development. For comprehensive and more granular protection against framing-based attacks, the `frame-ancestors` directive within Content Security Policy (CSP) is the recommended approach. This package is typically used for supporting older browsers that might not fully support CSP, often in conjunction with CSP `frame-ancestors` to ensure broad compatibility. The middleware defaults the `X-Frame-Options` header value to 'Deny', offering the strongest initial protection.","language":"javascript","status":"maintenance","version":"1.0.0","tags":["javascript","x-frame-options","security","middleware","express"],"last_verified":"Wed May 27","install":[{"cmd":"npm install x-frame-options","imports":["import xFrameOptions from 'x-frame-options';"]},{"cmd":"yarn add x-frame-options","imports":[]},{"cmd":"pnpm add x-frame-options","imports":[]}],"homepage":null,"github":null,"docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/x-frame-options","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/x-frame-options/compatibility"}}