fastify-helmet
Important security headers for Fastify. It is a port from express of helmet
Install
npm i fastify-helmet --save
Usage
Simply require this plugin, and the basic security headers will be set.
const fastify = const helmet = fastify fastifyHow it works
fastify-helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running fastify.register(helmet) will not include all of these middleware functions by default.
| Module | Default? |
|---|---|
| contentSecurityPolicy for setting Content Security Policy | |
| crossdomain for handling Adobe products’ crossdomain requests | |
| expectCt for handling Certificate Transparency | |
| dnsPrefetchControl controls browser DNS prefetching | ✓ |
| featurePolicy to limit your site’s features | |
| frameguard to prevent clickjacking | ✓ |
| hidePoweredBy to remove the X-Powered-By header | ✓ |
| hpkp for HTTP Public Key Pinning | |
| hsts for HTTP Strict Transport Security | ✓ |
| ieNoOpen sets X-Download-Options for IE8+ | ✓ |
| noCache to disable client-side caching | |
| noSniff to keep clients from sniffing the MIME type | ✓ |
| referrerPolicy to hide the Referer header | |
| xssFilter adds some small XSS protections | ✓ |
fastify-helmet accept the same options of Helmet, and you can see more in the helmet documentation.
License
MIT
