lio
/
benji.monster
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
benji.monster/node_modules/hide-powered-by
History
ry 69c5b90d6a upload site 2020-01-03 21:48:09 +01:00
..
dist upload site 2020-01-03 21:48:09 +01:00
CHANGELOG.md upload site 2020-01-03 21:48:09 +01:00
LICENSE upload site 2020-01-03 21:48:09 +01:00
README.md upload site 2020-01-03 21:48:09 +01:00
package.json upload site 2020-01-03 21:48:09 +01:00

README.md

Hide X-Powered-By

Build Status

Simple middleware to remove the X-Powered-By HTTP header if it's set.

Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express (or whichever framework you use). For example, X-Powered-By: Express is sent in every HTTP request coming from Express, by default. This won't provide much security benefit (as discussed here), but might help a tiny bit. It will also improve performance by reducing the number of bytes sent.

const hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())

You can also explicitly set the header to something else, if you want. This could throw people off:

app.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }))

Note: if you're using Express, you don't need this middleware and can just do this:

app.disable('x-powered-by')