Important security headers for Fastify
You may know fastify-helmet as a helmet plugin for Fastify. So why did I make this plugin?
This plugin uses a set of helmet plugins written for Fastify instead of the helmet middlewares. You may find the reason in the benchmark results, and I hope you like it. :)
fastify-fast-helmet is a collection of 12 smaller middleware functions that set HTTP headers.
| Plugin | Description | Default? |
|---|---|---|
| fastify-csp | for setting Content Security Policy | |
| fastify-expect-ct | for handling Certificate Transparency | |
| fastify-dns-prefetch-control | controls browser DNS prefetching | ✓ |
| fastify-frame-guard | to prevent clickjacking | ✓ |
| fastify-hide-powered-by | to remove the X-Powered-By header | ✓ |
| fastify-hpkp | for HTTP Public Key Pinning | |
| fastify-hsts | for HTTP Strict Transport Security | ✓ |
| fastify-ie-no-open | sets X-Download-Options for IE8+ | ✓ |
| fastify-no-cache | to disable client-side caching | |
| fastify-no-sniff | to keep clients from sniffing the MIME type | ✓ |
| fastify-referrer-policy | to hide the Referer header | |
The sub-plugins reuse the test cases from the helmet middlewares, and their behaviour is almost the same as that of the helmet middlewares, with a small difference in fastify-csp.
```sh
npm i fastify-fast-helmet
# or
yarn add fastify-fast-helmet
```
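```js
const fastify = require('fastify');
const fastifyHelmet = require('fastify-fast-helmet');

const app = fastify();

// Register the plugin so the default security headers are set on every response.
app.register(fastifyHelmet);

// The port is an example value.
app.listen(3000, (err) => {
  if (err) throw err;
});
```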
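To confirm that the headers marked ✓ in the table actually reach clients, a response can be audited with a check like the following. This is an added example, not code from fastify-fast-helmet; the function name and the accepted values are assumptions based on helmet's documented behaviour, and the sample headers are constructed.

```javascript
'use strict';

// One validator per header that the table marks as set by default.
// The accepted values are assumptions based on helmet's documented behaviour.
const DEFAULT_CHECKS = {
  'x-dns-prefetch-control': (v) => /^(on|off)$/i.test(v),
  'x-frame-options': (v) => /^(deny|sameorigin)$/i.test(v),
  'x-download-options': (v) => v.toLowerCase() === 'noopen',
  'x-content-type-options': (v) => v.toLowerCase() === 'nosniff',
  // HSTS only protects while max-age is a positive number of seconds.
  'strict-transport-security': (v) => {
    const m = /(?:^|;)\s*max-age=(\d+)/i.exec(v);
    return m !== null && Number(m[1]) > 0;
  },
};

// Returns a list of findings; an empty list means every default is in place.
function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before looking them up.
  const headers = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = Array.isArray(value) ? value.join(', ') : String(value);
  }
  const findings = [];
  for (const [name, isValid] of Object.entries(DEFAULT_CHECKS)) {
    if (!(name in headers)) findings.push(`missing: ${name}`);
    else if (!isValid(headers[name].trim())) findings.push(`weak value: ${name}: ${headers[name]}`);
  }
  // fastify-hide-powered-by: the header must be absent, not merely changed.
  if ('x-powered-by' in headers) findings.push('present: x-powered-by');
  return findings;
}

// Constructed sample responses (not captured from a real server).
const hardened = {
  'X-DNS-Prefetch-Control': 'off',
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Download-Options': 'noopen',
  'X-Content-Type-Options': 'nosniff',
};
const bare = {
  'Content-Type': 'text/html',
  'X-Powered-By': 'Express',
  'Strict-Transport-Security': 'max-age=0',
};

console.log(auditSecurityHeaders(hardened)); // no findings
console.log(auditSecurityHeaders(bare));     // six findings
```

The `headers` property of the response returned by Fastify's `inject()` can be passed straight to `auditSecurityHeaders`, which makes this usable as a regression test.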
- Init version