Hardening headers with Helmet
Express.js is a lightweight web framework, so certain measures that are typically taken to better secure applications are not implemented by the core framework. One of the precautionary measures we can take is to set certain security-related HTTP headers on requests. Sometimes, this is referred to as hardening the headers of our HTTP requests.
The Helmet module (https://github.com/helmetjs/helmet) provides a middleware to set security-related headers on our HTTP requests, saving time on manual configuration. Helmet sets HTTP headers to reasonable and secure defaults, which can then be extended or customized as needed. In this recipe, we’ll learn how to use the Helmet module.
Getting ready
We’ll be extending an Express.js application so that it can use the Helmet module. So, first, we must create a basic Express.js server:
- Create a directory named
express-helmet
and initialize the project withnpm
. We’ll also install...