node package manager
Painless code sharing. npm Orgs help your team discover, share, and reuse code. Create a free org »

fastify-helmet

fastify-helmet

js-standard-style Build Status Greenkeeper badge

Important security headers for Fastify. It is a port from express of helmet

Install

npm i fastify-helmet --save

Usage

Simply require this plugin, and the basic security headers will be set.

const fastify = require('fastify')()
const helmet = require('fastify-helmet')
 
fastify.register(helmet)
 
fastify.listen(3000, err => {
  if (err) throw err
  console.log('Server listenting on localhost:', fastify.server.address().port)
})

How it works

fastify-helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running fastify.register(helmet) will not include all of these middleware functions by default.

Module Default?
contentSecurityPolicy for setting Content Security Policy
expectCt for handling Certificate Transparency
dnsPrefetchControl controls browser DNS prefetching
frameguard to prevent clickjacking
hidePoweredBy to remove the X-Powered-By header
hpkp for HTTP Public Key Pinning
hsts for HTTP Strict Transport Security
ieNoOpen sets X-Download-Options for IE8+
noCache to disable client-side caching
noSniff to keep clients from sniffing the MIME type
referrerPolicy to hide the Referer header
xssFilter adds some small XSS protections

fastify-helmet accept the same options of Helmet, and you can see more in the helmet documentation.

License

MIT