hide-powered-by
Middleware to remove the X-Powered-By header
Last updated 7 years ago
by evanhahn
.
MIT
·
Repository
·
Bugs
·
Original npm
·
Tarball
·
package.json
$ cnpm install hide-powered-by
SYNC missed versions from
official npm registry.
Hide X-Powered-By
Simple middleware to remove the X-Powered-By HTTP header if it's set.
Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, X-Powered-By: Express is sent in every HTTP request coming from Express, by default. This won't provide much security benefit (as discussed here), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.
const hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())
You can also explicitly set the header to something else, if you want. This could throw people off:
app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))
Note: if you're using Express, you don't need this middleware and can just do this:
app.disable('x-powered-by')
Current Tags
- 1.1.0 ... latest (7 years ago)
3 Versions
Maintainers (1)
evanhahn
Downloads
Today
0
This Week
0
This Month
0
Last Day
0
Last Week
0
Last Month
3
Dependencies (0)
None
Dev Dependencies (12)
- @types/connect ^3.4.32
- @types/jest ^24.0.12
- @types/supertest ^2.0.7
- @typescript-eslint/eslint-plugin ^1.7.0
- @typescript-eslint/parser ^1.7.0
- connect ^3.7.0
- eslint ^5.16.0
- eslint-config-helmet ^0.2.0
- jest ^24.7.1
- supertest ^4.0.2
- ts-jest ^24.0.2
- typescript ^3.4.5
Dependents (1)