Important security headers for Fastify. It is a port from express of helmet
npm i fastify-helmet --save
Simply require this plugin, and the basic security headers will be set.
const fastify =const helmet =fastifyfastify
How it works
fastify-helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running
fastify.register(helmet) will not include all of these middleware functions by default.
|contentSecurityPolicy for setting Content Security Policy|
|expectCt for handling Certificate Transparency|
|dnsPrefetchControl controls browser DNS prefetching||✓|
|frameguard to prevent clickjacking||✓|
|hidePoweredBy to remove the X-Powered-By header||✓|
|hpkp for HTTP Public Key Pinning|
|hsts for HTTP Strict Transport Security||✓|
|ieNoOpen sets X-Download-Options for IE8+||✓|
|noCache to disable client-side caching|
|noSniff to keep clients from sniffing the MIME type||✓|
|referrerPolicy to hide the Referer header|
|xssFilter adds some small XSS protections||✓|
fastify-helmet accept the same options of Helmet, and you can see more in the helmet documentation.