Tools: HelmetJS, NodeJS, ExpressJS
Projects: (click the links to check the code)
- Removing the X-Powered-By header using helmet.hidePoweredBy()
- Mitigating the risk of clickjacking using helmet.frameguard()
- Mitigating XSS attacks using helmet.xssFilter()
- Instructing the browser not to bypass the provided Content-Type using helmet.noSniff()
- Setting the X-Download-Options header to noopen for IE using helmet.ieNoOpen()
- Instructing browsers to use HTTPS for future requests using helmet.hsts()
- Disabling DNS prefetching using helmet.dnsPrefetchControl()
- Disabling caching in the client's browser using helmet.noCache()
- Preventing injection of anything unintended into your page using helmet.contentSecurityPolicy()