Simple middleware to remove the
X-Powered-By HTTP header if it's set.
Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example,
X-Powered-By: Express is sent in every HTTP request coming from Express, by default. This won't provide much security benefit (as discussed here), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.
const hidePoweredBy = app
You can also explicitly set the header to something else, if you want. This could throw people off:
Note: if you're using Express, you don't need this middleware and can just do this: