Pratik Thube
Reputation: 134
Use of helmetjs when we can directly set set HTTP related header
I come across helmetjs in Production Best Practices: Security Express doc here curious to know how it is different than setting headers directly. Also visited helmetjs documentation, I found only how to use it, I want to know how it works and how it is a secure way of setting HTTP related headers (i.e frameguard). Thank you in advance.
Upvotes: 0
Views: 760
Answers (1)
Evan Hahn
Reputation: 12722
Helmet makes setting the headers easier. It puts them all in one place, gives them an API, does some validation, and documents everything.
However, it's not much more than that. If you know how to set the headers yourself and understand their ins and outs, Helmet isn't going to be too useful.
(I'm Helmet's maintainer, for what it's worth!)
Upvotes: 1
Related Questions
- How do I set up helmet.js correctly to resolve CSP issue?
- How to use helmet?
- What is the difference between Helmet and CORS packages node.js
- Express js : Content security header is not reflecting
- React app served with express and helmet cannot make API requests
- What modules of Helmet should I use in my REST Api
- Setting headers in hapi.js
- Implement helmet-csp on individual routes
- Express.js - Helmet.js and other middleware, and mounted applications?
- How to Implement Helmet Into a Node Server? [w/o Express]