# `ExSaml.SecurityPlug`
[🔗](https://github.com/docJerem/ex_saml/blob/main/lib/ex_saml/plugs/security_plug.ex#L1)

Plug that sets security headers on SAML responses.

Applied automatically by `ExSaml.Router`. Sets the following headers:
  * `content-security-policy` - with a per-request nonce (available via `conn.private[:ex_saml_nonce]`)
  * `cache-control` / `pragma` - no caching
  * `x-frame-options` - SAMEORIGIN
  * `x-xss-protection` - enabled with block mode
  * `x-content-type-options` - nosniff
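
A sketch of how a custom handler mounted behind this plug could consume the nonce, added here as an example and not taken from ExSaml's own code. `MyApp.SamlNoncePage`, `send_auto_submit/3` and the form markup are hypothetical, and the sketch assumes the policy's nonce is what authorizes inline scripts; only `conn.private[:ex_saml_nonce]` comes from the documentation above.

```elixir
defmodule MyApp.SamlNoncePage do
  # Hypothetical helper, not part of ExSaml.
  import Plug.Conn

  @doc "Sends an auto-submitting form whose inline script carries the per-request CSP nonce."
  @spec send_auto_submit(Plug.Conn.t(), String.t(), String.t()) :: Plug.Conn.t()
  def send_auto_submit(conn, action_url, saml_request) do
    case conn.private[:ex_saml_nonce] do
      nonce when is_binary(nonce) and nonce != "" ->
        conn
        |> put_resp_content_type("text/html")
        |> send_resp(200, page(nonce, action_url, saml_request))

      _ ->
        # The security plug did not run for this request, so no nonce (and
        # possibly no CSP) is in place. Fail closed instead of emitting an
        # inline script that is either blocked or unprotected.
        conn |> send_resp(500, "security headers not initialised") |> halt()
    end
  end

  # Every interpolated value is HTML-escaped, including the nonce itself.
  defp page(nonce, action_url, saml_request) do
    """
    <!DOCTYPE html>
    <html>
      <body>
        <form id="saml-form" method="post" action="#{esc(action_url)}">
          <input type="hidden" name="SAMLRequest" value="#{esc(saml_request)}">
          <noscript><button type="submit">Continue</button></noscript>
        </form>
        <script nonce="#{esc(nonce)}">
          document.getElementById("saml-form").submit();
        </script>
      </body>
    </html>
    """
  end

  defp esc(value), do: Plug.HTML.html_escape(value)
end
```

Read the nonce from the `conn` of the current request on every render; a nonce that is cached, logged or reused across responses no longer restricts which inline scripts the browser will run.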

# `call`

```elixir
@spec call(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*
