From the course: Node.js: Security
Set proper HTTP headers with Helmet
- Helmet is a great package that automatically adds 12 HTTP security headers to your application with a few simple lines. So go to helmetjs.github.io, and once you get to this site, you'll see that it's very simple to set up. So, if we scroll down, so if you don't do anything else but the simple setup that we see here, you're gonna get all these headers by default, so all the ones that say default here and cross-checked, that means you get this automatically. So you get dnsPrefetchControl. You get frameguard for clickjacking. You get remove the X-Powered-By header. You also get HTTP Strict Transport Security, and so on, so forth. So if you want to get more details on any of this, all you have to do is click here, and you're gonna get what is the actual attack, how does the header protect you, and so on, so forth. If you want to install any of the other ones, like noCache, and so on, so forth, it'll show you in the actual information here, how to set it up within the actual code. So…
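To confirm that the defaults named in the transcript actually reach the client, the check below audits a set of response headers for them. It is an added example, not code from the course or from Helmet; `auditSecurityHeaders` and both sample header sets are constructed for illustration.

```javascript
// Added example: audit response headers for four Helmet defaults named in the transcript.
// auditSecurityHeaders and both sample header sets are constructed for illustration.
function auditSecurityHeaders(rawHeaders) {
  // HTTP header names are case-insensitive, so normalise before any lookup.
  const headers = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // dnsPrefetchControl: the header should be set explicitly to on or off.
  if (!/^(on|off)$/i.test(headers['x-dns-prefetch-control'] || '')) {
    findings.push('x-dns-prefetch-control: missing or invalid');
  }
  // frameguard: clickjacking protection needs DENY or SAMEORIGIN.
  if (!/^(deny|sameorigin)$/i.test(headers['x-frame-options'] || '')) {
    findings.push('x-frame-options: missing or not DENY/SAMEORIGIN');
  }
  // X-Powered-By removal: the header should not be sent at all.
  if ('x-powered-by' in headers) {
    findings.push('x-powered-by: present (' + headers['x-powered-by'] + ')');
  }
  // HSTS: a max-age directive is required, and max-age=0 clears the policy.
  const hsts = headers['strict-transport-security'] || '';
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(hsts);
  if (!m) {
    findings.push('strict-transport-security: missing or no max-age');
  } else if (Number(m[1]) === 0) {
    findings.push('strict-transport-security: max-age=0 disables HSTS');
  }
  return findings;
}

// Constructed sample: a response with no hardening applied.
const bareResponse = { 'X-Powered-By': 'Express', 'Content-Type': 'text/html' };
// Constructed sample: a response carrying the four protections.
const hardenedResponse = {
  'X-DNS-Prefetch-Control': 'off',
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'Content-Type': 'text/html',
};

console.log(auditSecurityHeaders(bareResponse));
console.log(auditSecurityHeaders(hardenedResponse));
```

Pass it the `headers` object of a response from your own application, before and after adding Helmet, to see which findings disappear.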