3 examples of 'express headers' in JavaScript

const helmet = require('helmet')

// Written against the Helmet 3.x API: helmet.noCache() was removed in Helmet 4,
// where the same headers come from the separate `nocache` package.
function secureHeaders (app, frontendApp) {
  // Content Security Policy
  app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'none'"],
      // Allow <script> tags hosted by ourselves and from atlassian when inserted into an iframe.
      // APP_URL must be set in the environment: an unset variable is not a valid source expression.
      scriptSrc: ["'self'", process.env.APP_URL, 'https://*.atlassian.net', 'https://*.jira.com'],
      // Allow XMLHttpRequest/fetch requests
      connectSrc: ["'self'", process.env.APP_URL],
      // Allow <style> tags hosted by ourselves as well as style="" attributes.
      // 'unsafe-inline' leaves CSS injection possible; prefer nonces or hashes where you can.
      styleSrc: ["'self'", "'unsafe-inline'"],
      // Allow self-hosted images, data: images, organization images and the error image
      imgSrc: ["'self'", 'data:', 'https://*.githubusercontent.com', 'https://octodex.github.com']
    }
  }))
  // Enable HSTS with the value we use for education.github.com (15552000 s = 180 days)
  app.use(helmet.hsts({
    maxAge: 15552000
  }))
  // X-Frame / Clickjacking protection
  // Disabling this. Will probably need to dynamically
  // set this based on the referrer URL and match if it's *.atlassian.net or *.jira.com
  // (a CSP frame-ancestors directive listing those origins would do the same without
  // per-request logic). Until then the app can be framed by any origin.
  // app.use(helmet.frameguard({ action: 'deny' }))
  // MIME-Handling: Force Save in IE (X-Download-Options: noopen)
  app.use(helmet.ieNoOpen())
  // Disable caching
  app.use(helmet.noCache())
  // Disable mimetype sniffing (X-Content-Type-Options: nosniff)
  app.use(helmet.noSniff())
  // Basic XSS Protection (legacy X-XSS-Protection header; CSP above is the real control)
  app.use(helmet.xssFilter())

  // Remove the X-Powered-By
  // This particular combination of methods works
  frontendApp.disable('x-powered-by')
  app.use(helmet.hidePoweredBy())
}
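The configuration above is easy to get subtly wrong (an unset APP_URL, the commented-out frameguard, 'unsafe-inline' in style-src), so a practitioner normally asserts on the headers a real response carries. The following is an added example, not code from the page or from the project the secureHeaders snippet comes from: an audit function over a response-header map, run here on a constructed header set that approximates what Helmet 3.x emits for that configuration with APP_URL assumed to be https://app.example.test. The header names and expected values are standard; the sample itself is constructed for the demo.

```javascript
// Added example (not the page's or the project's code): audit a response-header
// map for the protections the secureHeaders() configuration is meant to provide.
// Header names are matched case-insensitively.

function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = Array.isArray(value) ? value.join(', ') : String(value);
  }
  return out;
}

// "default-src 'none'; script-src 'self' https://a" -> { 'default-src': ["'none'"], 'script-src': [...] }
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

function auditSecurityHeaders(rawHeaders, { minHstsMaxAge = 15552000 } = {}) {
  const h = normalizeHeaders(rawHeaders);
  const findings = [];

  if ('x-powered-by' in h) findings.push('X-Powered-By is still sent');
  if (h['x-content-type-options'] !== 'nosniff') findings.push('X-Content-Type-Options: nosniff missing');

  const csp = h['content-security-policy'];
  const directives = csp ? parseCsp(csp) : null;

  // frameguard is commented out in the snippet; without it (or CSP frame-ancestors)
  // any origin may frame the app, not only *.atlassian.net and *.jira.com
  if (!('x-frame-options' in h) && !(directives && directives['frame-ancestors'])) {
    findings.push('no clickjacking protection (X-Frame-Options or CSP frame-ancestors)');
  }

  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('Strict-Transport-Security missing');
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < minHstsMaxAge) findings.push(`HSTS max-age below ${minHstsMaxAge}`);
  }

  if (!directives) {
    findings.push('Content-Security-Policy missing');
  } else {
    if (!directives['default-src']) findings.push('CSP has no default-src fallback');
    for (const dir of ['default-src', 'script-src']) {
      for (const src of directives[dir] || []) {
        if (src === "'unsafe-inline'" || src === "'unsafe-eval'" || src === '*') {
          findings.push(`CSP ${dir} allows ${src}`);
        }
        // String(undefined) interpolated into a policy, e.g. an unset APP_URL
        if (src === 'undefined') findings.push(`CSP ${dir} contains the literal "undefined"`);
      }
    }
    if ((directives['style-src'] || []).includes("'unsafe-inline'")) {
      findings.push("CSP style-src allows 'unsafe-inline' (CSS injection remains possible)");
    }
  }
  return findings;
}

// Constructed sample: roughly what the snippet's Helmet 3.x configuration sends,
// with APP_URL assumed to be https://app.example.test and frameguard left disabled.
const sampleHeaders = {
  'Content-Security-Policy':
    "default-src 'none'; script-src 'self' https://app.example.test https://*.atlassian.net https://*.jira.com; " +
    "connect-src 'self' https://app.example.test; style-src 'self' 'unsafe-inline'; " +
    "img-src 'self' data: https://*.githubusercontent.com https://octodex.github.com",
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Download-Options': 'noopen',
  'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
  'Pragma': 'no-cache',
  'Expires': '0',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1; mode=block',
};

function auditSample() {
  return auditSecurityHeaders(sampleHeaders);
}

for (const finding of auditSample()) console.log('finding:', finding);
```

On the sample the audit reports exactly the two weaknesses visible in the configuration: no clickjacking protection and 'unsafe-inline' in style-src. In a test suite, call auditSecurityHeaders on the headers of a real response (for example from supertest) and fail the build when the list is non-empty.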

// Thin accessor over Express: req.header() matches the name case-insensitively
// and returns undefined when the request did not carry the header.
public getHeader(field: string): string | undefined {
  return this.req.header(field);
}

// Registers one middleware that sets every configured custom header on each response.
// A header marked isEnv names an environment variable whose value is sent instead.
addCustomHeaders(customHeaders?: ICustomHeader[]) {
  if (customHeaders) {
    this.addUse(null, (req, res, next) => {
      customHeaders.forEach((customHeader) => {
        let value: string | undefined = customHeader.value.toString();
        if (customHeader.isEnv) {
          // Resolve the variable on each request; if it is unset, skip the header
          // rather than sending the variable name (or "undefined") to the client.
          value = value ? process.env[value] : undefined;
          if (value === undefined) {
            return;
          }
        }
        res.header(customHeader.key, value);
      });
      next();
    });
  }
}
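The snippet above depends on the class it lives in (this.addUse, this.req), so it cannot be run on its own. The following is an added example, not the page's or its project's code: a stand-alone builder for the same kind of middleware, with the environment lookup made explicit and two guards the snippet lacks, namely dropping a header whose variable is unset and rejecting CR/LF in names or values (header injection; Node's http layer would throw ERR_INVALID_CHAR at write time, but failing at configuration time is clearer). The `env` parameter, the demo configuration and the demo environment are constructed for this example; in an application pass process.env. Values are resolved once when the middleware is built, unlike the snippet, which reads process.env on every request.

```javascript
// Added example (not the page's or the project's code): build an Express-style
// middleware that sets configured custom headers, resolving env-backed values
// up front and refusing values that could inject further headers.

const FORBIDDEN = /[\r\n]/; // CR/LF in a header name or value is header injection

function buildCustomHeaderMiddleware(customHeaders = [], env = process.env) {
  const resolved = [];
  for (const { key, value, isEnv } of customHeaders) {
    let v = value == null ? undefined : String(value);
    if (isEnv) {
      // v names an environment variable; if it is unset, drop the header instead
      // of sending the variable name or "undefined" to the client
      v = v ? env[v] : undefined;
      if (v === undefined) continue;
    }
    if (v === undefined || FORBIDDEN.test(key) || FORBIDDEN.test(v)) {
      throw new Error(`invalid custom header: ${JSON.stringify(key)}`);
    }
    resolved.push([key, v]);
  }
  return function customHeaderMiddleware(req, res, next) {
    for (const [k, v] of resolved) res.setHeader(k, v);
    next();
  };
}

// Minimal stand-in for an Express response, enough to run the middleware offline.
function runMiddleware(middleware) {
  const headers = {};
  let nextCalled = false;
  const res = { setHeader(k, v) { headers[k.toLowerCase()] = v; } };
  middleware({}, res, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware did not call next()');
  return headers;
}

// Constructed configuration and environment for the demo (hypothetical names).
const demoConfig = [
  { key: 'X-Build-Id', value: 'BUILD_ID', isEnv: true },
  { key: 'X-Region', value: 'REGION_NOT_SET', isEnv: true },
  { key: 'Permissions-Policy', value: 'camera=(), microphone=()', isEnv: false },
];
const demoEnv = { BUILD_ID: '2024.05.1' };

function demo() {
  return runMiddleware(buildCustomHeaderMiddleware(demoConfig, demoEnv));
}

console.log(demo());
```

Running demo() yields X-Build-Id resolved from the environment and the static Permissions-Policy header, while X-Region is silently omitted because its variable is unset; a value such as 'a\r\nSet-Cookie: s=1' makes the builder throw before any request is served.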
