What is the helmet package and why should you use it?
Answer
Helmet is a collection of Express middleware that sets important HTTP security headers to protect against common web vulnerabilities. To use it, require the package and register it as middleware: const helmet = require('helmet'); app.use(helmet()); The headers it sets include Content-Security-Policy (prevents XSS by whitelisting script sources), X-Content-Type-Options: nosniff (prevents MIME type sniffing), X-Frame-Options: DENY (prevents clickjacking), and Strict-Transport-Security (enforces HTTPS). It also removes the X-Powered-By: Express header, which obscures the stack. By default, helmet() enables 11 of 15 available protections. It is considered essential for any production Express application.
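To confirm the headers listed above actually reach clients, a response's headers can be audited. The following is an added example, not code from helmet or from the original page; auditHeaders, CHECKS and the two sample header objects are hypothetical names and constructed inputs.

```javascript
// Audit a response's headers against the protections named in the answer.
// Header names are compared case-insensitively, as HTTP requires.
const isStr = v => typeof v === 'string';
const CHECKS = [
  { header: 'content-security-policy',
    ok: v => isStr(v) && v.trim() !== '',
    why: 'no policy, so script sources are unrestricted' },
  { header: 'x-content-type-options',
    ok: v => isStr(v) && v.trim().toLowerCase() === 'nosniff',
    why: 'MIME type sniffing is not disabled' },
  { header: 'x-frame-options',
    // DENY is the value the answer gives; SAMEORIGIN is the other valid value.
    ok: v => isStr(v) && ['deny', 'sameorigin'].includes(v.trim().toLowerCase()),
    why: 'framing is not restricted (clickjacking)' },
  { header: 'strict-transport-security',
    // max-age=0 tells the browser to forget the policy, so it counts as missing.
    ok: v => Number((/max-age="?(\d+)/i.exec(isStr(v) ? v : '') || [])[1]) > 0,
    why: 'HSTS is missing or max-age is 0' },
];

function auditHeaders(rawHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = Array.isArray(value) ? value.join(', ') : value;
  }
  const findings = CHECKS
    .filter(c => !c.ok(h[c.header]))
    .map(c => `${c.header}: ${c.why}`);
  // This header should be absent: its presence discloses the framework.
  if (h['x-powered-by'] !== undefined) {
    findings.push(`x-powered-by: discloses "${h['x-powered-by']}"`);
  }
  return findings;
}

// Constructed sample inputs: an unprotected response and a hardened one.
const bare = { 'X-Powered-By': 'Express', 'Content-Type': 'text/html; charset=utf-8' };
const hardened = {
  'Content-Security-Policy': "default-src 'self'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'Content-Type': 'text/html; charset=utf-8',
};
console.log(auditHeaders(bare));     // five findings
console.log(auditHeaders(hardened)); // no findings
```

In an integration test, pass the object returned by the HTTP client's response headers (for Node's http module, res.headers) to auditHeaders and fail the build if the result is non-empty.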