Locokiter
Reputation: 47
Why is x-powered-by header showing after installing Express helmet?
I have an Express server running on port 8080 using webpack. I installed helmet as described in the package docs
const express = require('express')
const helmet = require('helmet')
const app = express()
app.use(helmet())
Yet when I npm start I still see the x-powered-by:Express header in localhost and none of the dns-prefetch, xss or other headers that Helmet is supposed to enable. I restarted the server several times, deleted my build folder so it is not cached, and am lost as to why it's not working. Any thoughts or pointers will be greatly appreciated!
Upvotes: 4
Views: 3894
Answers (1)
KrishnaSingh
Reputation: 746
You need to explicitly invoke the middleware like so.
const hidePoweredBy = require('hide-powered-by')
app.use(hidePoweredBy())
https://expressjs.com/en/advanced/best-practice-security.html
Can also try
app.disable('x-powered-by')
Upvotes: 3
Related Questions
- Always getting Load denied by X-Frame-Options, already set in express.js using Helmet
- Can't get rid of header X-Powered-By:Express
- remove header X-powered-by Express using @types/express
- Express js : Content security header is not reflecting
- How to disable "X-Powered-By" response header in create-react-app?
- Why is X-Powered-By Header not disabled after using helmet?
- Can't remove x-powered-by header in Node Express
- How to remove x-powered-by header in nextjs custom server
- Cant disable X-Powered-By: Express
- How to disable or replace X-Powered-By header in Sails.js application