@rill/helmet

    1.3.0 • Public • Published


    A wrapper for Helmet that works with Rill.

    Helmet helps you secure your app by setting various HTTP headers.

    Installation

    npm install @rill/helmet

    Example

    You can use the default settings.

    const app = require('rill')()
    const helmet = require('@rill/helmet')
     
    app.use(helmet())

    Or use individual middleware.

    app.use(helmet.noCache())
    app.use(helmet.frameguard())

    How it works

    Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running app.use(helmet()) will not include all of these middleware functions by default.

    Module                  Description                                   Default?
    contentSecurityPolicy   for setting Content Security Policy
    expectCt                for handling Certificate Transparency
    dnsPrefetchControl      controls browser DNS prefetching
    frameguard              to prevent clickjacking
    hidePoweredBy           to remove the X-Powered-By header
    hpkp                    for HTTP Public Key Pinning
    hsts                    for HTTP Strict Transport Security
    ieNoOpen                sets X-Download-Options for IE8+
    noCache                 to disable client-side caching
    noSniff                 to keep clients from sniffing the MIME type
    referrerPolicy          to hide the Referer header
    xssFilter               adds some small XSS protections

    For a more in-depth guide on how to use @rill/helmet, check out the official Helmet documentation.
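
An added example (not part of the @rill/helmet README or of Helmet itself): a check that maps a response's headers back to the modules listed above, to confirm which ones actually took effect once the middleware is installed. `HELMET_HEADERS`, `auditHelmet` and `sampleHeaders` are names made up for this example, the sample headers are constructed, and the check tests header presence only, not header values.

```javascript
// Added example: which of the listed Helmet modules are visible on a response?
// Header names each module sets (hidePoweredBy is handled separately below).
const HELMET_HEADERS = {
  contentSecurityPolicy: ['content-security-policy'],
  expectCt: ['expect-ct'],
  dnsPrefetchControl: ['x-dns-prefetch-control'],
  frameguard: ['x-frame-options'],
  hpkp: ['public-key-pins'],
  hsts: ['strict-transport-security'],
  ieNoOpen: ['x-download-options'],
  noCache: ['cache-control', 'pragma', 'expires', 'surrogate-control'],
  noSniff: ['x-content-type-options'],
  referrerPolicy: ['referrer-policy'],
  xssFilter: ['x-xss-protection']
}

function auditHelmet (headers) {
  // HTTP header names are case-insensitive, so normalise before comparing.
  const seen = new Set(Object.keys(headers).map((name) => name.toLowerCase()))
  const active = []
  const missing = []
  for (const [moduleName, names] of Object.entries(HELMET_HEADERS)) {
    // A module counts as active only when every header it sets is present.
    const target = names.every((name) => seen.has(name)) ? active : missing
    target.push(moduleName)
  }
  // hidePoweredBy is the inverse case: it works by removing a header.
  const poweredBy = seen.has('x-powered-by') ? missing : active
  poweredBy.push('hidePoweredBy')
  return { active, missing }
}

// Constructed sample response headers (not captured from a real server).
const sampleHeaders = {
  'X-DNS-Prefetch-Control': 'off',
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Download-Options': 'noopen',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1; mode=block',
  'Cache-Control': 'no-store' // only one of the four noCache headers
}

console.log(auditHelmet(sampleHeaders))
```

Modules reported as missing are candidates for adding individually, in the same way as the `helmet.noCache()` call shown in the Example section.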

    Contributions

    • Use npm test to run tests.

    Please feel free to create a PR!

    License

    MIT

    Collaborators

    • dylanpiercey