1.0.18 • Published 3 years ago

express-securityheaders v1.0.18

License
ISC

express-securityheaders

Add security-related headers to an Express application.

Description

express-securityheaders adds a default set of security headers to secure your Express applications.

The following are set by default:

Content-Security-Policy: default-src 'self'
Permissions-Policy: ""
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Clear-Site-Data: "*"
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin

The X-Powered-By header is removed.

Test your application headers using https://securityheaders.com

Install

  • Install with npm
npm install express-securityheaders --save

Examples

  • Basic usage with default headers
const express = require("express");
const SecurityHeaders = require('express-securityheaders');

// Create the app and install the middleware with no options, so the
// package's default header set is used.
// Express runs middleware in registration order: keep this call ahead of the
// routes and static handlers whose responses should carry the headers.
// NOTE(review): the defaults listed on this page include Clear-Site-Data: "*",
// which asks the browser to clear cookies, storage and cache for the origin,
// and X-XSS-Protection, which current browsers no longer act on. Confirm both
// suit the application before relying on the defaults.
const app = express();
const securityHeaders = SecurityHeaders();

app.use(securityHeaders);
  • Override a default header
const express = require("express");
const SecurityHeaders = require('express-securityheaders');

const app = express();

// Keys are header names; a string value replaces that header's default.
// NOTE(review): cdn.jsdelivr.net serves arbitrary npm and GitHub content, so
// allowing the whole host under default-src trusts far more than one library.
// Consider a narrower directive (for example script-src) with integrity
// checks on the specific files that are loaded.
const headerOverrides = {
  "Content-Security-Policy": "default-src 'self' cdn.jsdelivr.net",
};

app.use(SecurityHeaders(headerOverrides));
  • Override multiple default headers
const express = require("express");
const SecurityHeaders = require('express-securityheaders');

const app = express();

// Several defaults can be replaced in one options object.
// Each value here is looser than the default shown on this page
// (DENY -> SAMEORIGIN, no-referrer -> strict-origin-when-cross-origin), so
// apply only the relaxations the application actually needs.
// NOTE(review): "referrer-policy" is written in lowercase; presumably the
// middleware matches header names case-insensitively. Confirm that the
// default Referrer-Policy is replaced rather than sent alongside it.
const headerOverrides = {
  "Content-Security-Policy": "default-src 'self' cdn.jsdelivr.net",
  "X-Frame-Options": "SAMEORIGIN",
  "referrer-policy": "strict-origin-when-cross-origin",
};

app.use(SecurityHeaders(headerOverrides));
  • Add new header
const express = require("express");
const SecurityHeaders = require('express-securityheaders');

const app = express();

// A key that is not one of the defaults is passed as an additional header.
// The value is a fixed string written in this options object; do not build it
// from request data here.
const extraHeaders = {
  "my-header": "my-header content",
};

app.use(SecurityHeaders(extraHeaders));
  • Remove a header
const express = require("express");
const SecurityHeaders = require('express-securityheaders');

const app = express();

// Passing false for a header name removes that header from the defaults.
// With Content-Security-Policy removed, responses carry no CSP at all, so the
// browser applies no script or resource restrictions from this middleware.
// Prefer overriding the policy with one that fits the application, and remove
// it only where another layer already sets it.
const removedHeaders = {
  "Content-Security-Policy": false,
};

app.use(SecurityHeaders(removedHeaders));