Mitigate the risk of Clickjacking

Tell us what’s happening:
I’ve used app.use(helmet.frameguard({action: ‘deny’})); but it still says the it’s not correct

Your project link(s)

solution: https://replit.com/@karinas98/boilerplate-infosec

Your browser information:

User Agent is: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15

Challenge: Mitigate the Risk of Clickjacking with helmet.frameguard()

Link to the challenge:

Remove the caret ^ in front of the helmet version number. Or install the correct version using the shell.

npm i --save-exact helmet@3.21.3

To check the response you can look in the browser network tab when submitting. If you have the correct version the response will look like this.

{"headers":{"x-frame-options":"DENY"},"appStack":["hidePoweredBy","frameguard"]}

And not like this:

{"headers":{"x-frame-options":"DENY"},"appStack":["hidePoweredBy","xFrameOptionsMiddleware"]}