docs for XSSHeader

rack-protection/lib/rack/protection/xss_header.rb

@@ -2,6 +2,14 @@ require 'rack/protection'
 
 module Rack
   module Protection
+    ##
+    # Sets X-XSS-Protection header to tell the browser to block attacks.
+    #
+    # Prevented attack::   Non-permanent XSS
+    # Supported browsers:: Internet Explorer >= 8
+    #
+    # Options:
+    # xss_mode:: How the browser should prevent the attack (default: `:block`)
     class XSSHeader < Base
       default_options :xss_mode => :block