
helmet

Helmet helps secure Express.js applications by setting various HTTP response headers that protect against common web vulnerabilities. It is a collection of smaller middleware functions that each set a specific security header.

Installation

npm: npm install helmet
yarn: yarn add helmet
pnpm: pnpm add helmet

Import

ESM: import helmet from 'helmet';

Quick Example

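import express from 'express';
import helmet from 'helmet';

const app = express();

// Register Helmet before any routes so every response carries its headers.
app.use(helmet());

app.get('/', (req, res) => {
  res.send('Secured with Helmet');
});

// Port 3000 is an arbitrary choice for this example.
app.listen(3000);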

About helmet

Helmet helps secure Express.js applications by setting various HTTP response headers that protect against common web vulnerabilities. It is a collection of smaller middleware functions that each set a specific security header.

Helmet sets Content-Security-Policy to control which resources the browser is allowed to load, preventing cross-site scripting (XSS) and data injection attacks. It sets X-Content-Type-Options to prevent MIME type sniffing, Strict-Transport-Security to enforce HTTPS connections, X-Frame-Options to prevent clickjacking, and Referrer-Policy to control referrer information leakage. Helmet also removes the X-Powered-By header that identifies Express, reducing information disclosure to potential attackers.

Each middleware function can be configured independently, and specific protections can be disabled if they conflict with application requirements. Helmet follows security best practices recommended by OWASP and is considered a baseline security measure for any Express application exposed to the internet. The library is lightweight and adds negligible performance overhead since it only modifies response headers. It is typically one of the first middleware applied in the Express middleware chain.

Quick Facts

Package: helmet
Category: HTTP
Weekly Downloads: 3M+
License: MIT
Install: npm install helmet
