From e7849e0af158dd7d8e91c570a920328fc90a4698 Mon Sep 17 00:00:00 2001
From: OhHeyAlan
Date: Mon, 6 May 2019 16:41:27 -0500
Subject: [PATCH] Correcting X-XSS-Protection Header

X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block". Was "0" Now "1; mode=block"
---
 src/backend/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/app.js b/src/backend/app.js
index 59802755..3b852cd4 100644
--- a/src/backend/app.js
+++ b/src/backend/app.js
@@ -48,7 +48,7 @@ app.use(function (req, res, next) {
 res.set({
 'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
- 'X-XSS-Protection': '0',
+ 'X-XSS-Protection': '1; mode=block',
 'X-Content-Type-Options': 'nosniff',
 'X-Frame-Options': x_frame_options,
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
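Review bot: The new value `'1; mode=block'` on the `X-XSS-Protection` line re-enables the legacy browser XSS filter that the previous `'0'` had switched off, and the commit message's claim that this is the best configuration does not match current guidance. Current browsers have dropped the filter, and in the older ones that still honour the header its blocking behaviour has been associated with cross-site information leaks, which is why OWASP's secure-headers guidance recommends `0` combined with a Content-Security-Policy. I would keep `'X-XSS-Protection': '0',` and document the intent next to it, e.g. `// legacy XSS filter disabled on purpose; XSS defence relies on CSP and output encoding`. The `res.set({ ... })` call continues outside the hunk, so whether a `Content-Security-Policy` header is already set there cannot be confirmed from these lines; if it is not, adding one is the change that would actually improve XSS protection.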