podafSleepSafe

Sleep safe knowing you're guarded against CSRF, XSS, and other web attacks

Mixins

Guard	Guard against malicious attacks by inspecting HTTP requests.

ContentTypeGuard	Guards against dodgy Content-Type sniffing by setting a `X-Content-Type-Options` HTTP response header that tells browsers to trust the `Content-Type` header.
CspGuard	Guards against Cross Site Scripting (XSS) by setting an `Content-Security-Policy` HTTP response header that tells browsers to restrict where content can be loaded from.
CsrfTokenGuard	Guards against CSRF attacks by enforcing an customisable Encrypted Token Pattern strategy.
FrameOptionsGuard	Guards against clickjacking by setting an `X-Frame-Options` HTTP response header that tells browsers not to embed the page in a frame.
ReferrerPolicyGuard	Guards against internal URL leakage by setting a `Referrer-Policy` HTTP response header that tells browsers how and when to transmit the HTTP Referer (sic) header.
SameOriginGuard	Guards against CSRF attacks by checking that the `Referer` or `Origin` HTTP header matches the `Host`.
SessionHijackGuard	Guards against Session hijacking by caching browser user-agent parameters and checking them on each request.
SleepSafeMiddleware	BedSheet middleware that invokes the Guards.
StrictTransportGuard	Guards against protocol downgrade attacks and Cookie hijacking by setting a `Strict-Transport-Security` HTTP response header that tells browsers to use HTTPS.
XssProtectionGuard	Guards against Cross Site Scripting (XSS) by setting an `X-XSS-Protection` HTTP response header that tells browsers enable XSS filtering.