Helmet
Helmet helps you secure your Express apps by setting various HTTP headers
npm install helmet
Among the headers it sets by default:

Module: hsts (Strict-Transport-Security)
Notes: only honoured on HTTPS responses. It won't tell users on plain HTTP to switch to HTTPS; it tells users who already arrived over HTTPS to stay on HTTPS for max-age seconds (and on subdomains too, if includeSubDomains is set)
Why: plain HTTP is unencrypted, so after the first HTTPS visit the browser refuses to downgrade to http:// and won't let the user click through certificate errors

Module: noSniff (X-Content-Type-Options: nosniff)
Notes: clients trust the Content-Type the server sends and block the resource if it doesn't fit the context (e.g. a non-script type in a script tag) instead of guessing
Why: without it, a browser may sniff user-uploaded data served as text/plain or as an image, decide it looks like HTML, and execute it (stored XSS through uploads)