hide-powered-by
    Overview
    Documentation
    Insights
    Code
    Contributors
    Dependencies
    Alternatives

hide-powered-by

Middleware to remove the X-Powered-By header

1.1.0  •  Published 6 months ago  •  by helmetjs  •  MIT License

Hide X-Powered-By

Build Status

Simple middleware to remove the X-Powered-By HTTP header if it’s set.

Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, X-Powered-By: Express is sent in every HTTP request coming from Express, by default. This won’t provide much security benefit (as discussed here), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.

const hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())

You can also explicitly set the header to something else, if you want. This could throw people off:

app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))

Note: if you’re using Express, you don’t need this middleware and can just do this:

app.disable('x-powered-by')
How do you feel about the name Devstore for this site?

Popularity

Weekly Downloads
614.7K
Stars
31

Maintenance

Development

Last ver 6 months ago
Created 5 years ago
Last commit 3 months ago
2 months between commits

Technology

Node version: 12.1.0
4.9K unpacked

Compliance

MIT License
OSI Approved
0 vulnerabilities

Contributors

2 contributors
Evan Hahn
Maintainer, 36 commits, 1 merges
Works at Airtable
George Zografos
1 commits, 1 PRs
Works at getndazn
Adam Baldwin
Maintainer
Works at npm
colcodev
1 PRs

Tags

helmet
security
express
connect
x-powered-by
powered-by
Ready for the next level?
Join Devstore's founding team to help us build the ultimate open-source app store, work with the latest technologies, and enjoy great culture, impact and autonomy
© 2019 Devstore, Inc.
Devstore helps developers find and use open-source packages, so they can focus on building amazing things