hide-powered-by

Release 1.1.0

Middleware to remove the X-Powered-By header

Homepage Repository npm Download

Keywords
helmet, security, express, connect, x-powered-by, powered-by
License
MIT
Install
npm install hide-powered-by@1.1.0

Documentation

Hide X-Powered-By

Build Status

Simple middleware to remove the X-Powered-By HTTP header if it's set.

Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, X-Powered-By: Express is sent in every HTTP request coming from Express, by default. This won't provide much security benefit (as discussed here), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.

const hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())

You can also explicitly set the header to something else, if you want. This could throw people off:

app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))

Note: if you're using Express, you don't need this middleware and can just do this:

app.disable('x-powered-by')

Stats

Dependencies
0
Dependent packages
20
Dependent repositories
9.55K
Total releases
3
Latest release
First release
Stars
38
Forks
3
Watchers
6
Contributors
2
Repository size
128 KB
SourceRank
17

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.0
1.0.0
0.1.0

Contributors

Evan Hahn George Zografos


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-07-25 11:09:01 UTC

Login to resync this project