From 72c813d3847f7e2fccdbf840294427c5d8a5a992 Mon Sep 17 00:00:00 2001
From: Yutaka Yamaguchi
Date: Sun, 30 Mar 2014 14:55:40 +0900
Subject: [PATCH] keep enable Cache-Control helmet.defaults() disabeles Cache-Control. I guess it's controversial to disable it.
---
 config/express.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/config/express.js b/config/express.js
index a7c58773..667adb71 100755
--- a/config/express.js
+++ b/config/express.js
@@ -99,7 +99,11 @@ module.exports = function(db) {
 // connect flash for flash messages
 app.use(flash());
- app.use(helmet.defaults());
+ app.use(helmet.xframe());
+ app.use(helmet.iexss());
+ app.use(helmet.contentTypeOptions());
+ app.use(helmet.ienoopen());
+ app.disable('x-powered-by');
 // routes should be at the last
 app.use(app.router);
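Review bot: With `helmet.defaults()` replaced by an explicit list, nothing in this block sets a `Cache-Control` header any more, so responses that carry per-user data (the flash middleware just above suggests session-backed pages) can be stored by browsers and shared proxies unless the routes set their own policy. Keeping static assets cacheable is reasonable, but I would scope the no-cache behaviour rather than drop it, for example by applying `helmet.cacheControl()` only to the authenticated or API routes, after confirming that middleware exists in the pinned helmet version. The explicit list also freezes the header set, so anything `defaults()` enables in a later helmet release will be silently missing; a comment such as `// helmet.defaults() is not used because it also disables caching; keep this list in sync with helmet's defaults` would help the next reader. The enclosing `module.exports` function starts and ends outside the hunk.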