A wrapper for Helmet that works with Rill.
Helmet helps you secure your app by setting various HTTP headers.
npm install @rill/helmet
You can use the default settings.
const app = require('rill')()
const helmet = require('@rill/helmet')

app.use(helmet())
Or use individual middleware.
How it works
Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running
app.use(helmet()) will not include all of these middleware functions by default.
|Module|Included by default|
|---|---|
|contentSecurityPolicy for setting Content Security Policy| |
|expectCt for handling Certificate Transparency| |
|dnsPrefetchControl controls browser DNS prefetching|✓|
|frameguard to prevent clickjacking|✓|
|hidePoweredBy to remove the X-Powered-By header|✓|
|hpkp for HTTP Public Key Pinning| |
|hsts for HTTP Strict Transport Security|✓|
|ieNoOpen sets X-Download-Options for IE8+|✓|
|noCache to disable client-side caching| |
|noSniff to keep clients from sniffing the MIME type|✓|
|referrerPolicy to hide the Referer header| |
|xssFilter adds some small XSS protections|✓|
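
An added example, not part of @rill/helmet or Helmet: a check that maps a response's headers back to the modules listed above, so you can confirm what app.use(helmet()) actually produced and which optional modules are still off. The name auditHelmetHeaders and the sample response are constructed for illustration; the header names are the ones Helmet's middleware set.

```javascript
// Added example: response header each Helmet module sets (hidePoweredBy removes one).
// byDefault mirrors which modules helmet() enables without extra configuration.
const HELMET_HEADERS = {
  contentSecurityPolicy: { header: 'content-security-policy', byDefault: false },
  expectCt: { header: 'expect-ct', byDefault: false },
  dnsPrefetchControl: { header: 'x-dns-prefetch-control', byDefault: true },
  frameguard: { header: 'x-frame-options', byDefault: true },
  hidePoweredBy: { header: 'x-powered-by', byDefault: true, mustBeAbsent: true },
  hpkp: { header: 'public-key-pins', byDefault: false },
  hsts: { header: 'strict-transport-security', byDefault: true },
  ieNoOpen: { header: 'x-download-options', byDefault: true },
  noCache: { header: 'surrogate-control', byDefault: false }, // one of several headers noCache sets
  noSniff: { header: 'x-content-type-options', byDefault: true },
  referrerPolicy: { header: 'referrer-policy', byDefault: false },
  xssFilter: { header: 'x-xss-protection', byDefault: true }
}

function auditHelmetHeaders (rawHeaders) {
  // HTTP header names are case-insensitive, so normalise before comparing.
  const headers = {}
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = String(value)
  }
  const report = { satisfied: [], missingDefaults: [], optionalOff: [] }
  for (const [name, rule] of Object.entries(HELMET_HEADERS)) {
    const present = rule.header in headers
    // hidePoweredBy is satisfied by absence (which can also mean nothing ever set it).
    const ok = rule.mustBeAbsent ? !present : present
    if (ok) report.satisfied.push(name)
    else if (rule.byDefault) report.missingDefaults.push(name)
    else report.optionalOff.push(name)
  }
  return report
}

// Constructed sample: a response where something re-added X-Powered-By
// after the middleware ran and X-XSS-Protection is not being sent.
const sampleResponse = {
  'X-DNS-Prefetch-Control': 'off',
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Download-Options': 'noopen',
  'X-Content-Type-Options': 'nosniff',
  'X-Powered-By': 'Express',
  'Content-Type': 'text/html'
}
console.log(auditHelmetHeaders(sampleResponse))
```

Anything in missingDefaults means a header the default set should have produced is not reaching the client; optionalOff lists modules you have to enable yourself.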
For a more in-depth guide on how to use @rill/helmet, check out the official Helmet documentation.
Use npm test to run tests.
Please feel free to create a PR!