Node Security by Dominic Barnes

Security-related HTTP headers

Several HTTP headers can help add some security to our web applications. We will be looking at a module called helmet, which is written as a collection of Connect/Express middleware that adds these headers depending on your configuration. We will examine each of the middleware functions that helmet includes and briefly explain their effects.

Content security policy

First, helmet supports setting headers for a newer security mechanism for HTML and web applications called Content Security Policy (CSP). XSS attacks circumvent the Same-Origin Policy (SOP) by using other methods to trick browsers into delivering harmful content.

For browsers that support this feature, you can restrict ...
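
To make the idea of header-setting middleware concrete, here is an added example (not helmet's code or API, and not from the book) of a Connect-style middleware that builds a Content-Security-Policy header from configuration and rejects values that could inject extra directives. The names buildCsp, cspMiddleware and demo, and the cdn.example.com source, are assumptions made for illustration.

```javascript
// Added example (not helmet's code). Bare keywords get the quotes CSP requires.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval']);

// Turn { directive: [sources] } into a Content-Security-Policy header value.
function buildCsp(directives) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error('bad directive: ' + name);
    if (!Array.isArray(sources) || sources.length === 0) {
      throw new Error(name + ' needs at least one source');
    }
    // 'none' means "nothing allowed", so it cannot be combined with sources.
    if (sources.includes('none') && sources.length > 1) {
      throw new Error(name + ": 'none' must stand alone");
    }
    const values = sources.map((src) => {
      // Reject separators/quotes that could smuggle in another directive.
      if (typeof src !== 'string' || src === '' || /[;,\s'"]/.test(src)) {
        throw new Error(name + ': invalid source ' + JSON.stringify(src));
      }
      return KEYWORDS.has(src) ? "'" + src + "'" : src;
    });
    parts.push(name + ' ' + values.join(' '));
  }
  return parts.join('; ');
}

// Build the policy once at startup so a bad config fails before serving.
function cspMiddleware(directives, options = {}) {
  const value = buildCsp(directives);
  const header = 'Content-Security-Policy' +
    (options.reportOnly ? '-Report-Only' : '');
  return function csp(req, res, next) {
    res.setHeader(header, value);
    next();
  };
}

// Constructed demo: a stub response object stands in for a real server.
function demo(options) {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } };
  const policy = { 'default-src': ['self'],
                   'script-src': ['self', 'https://cdn.example.com'] };
  let nextCalled = false;
  cspMiddleware(policy, options)({}, res, () => { nextCalled = true; });
  return { headers, nextCalled };
}
```

Passing `{ reportOnly: true }` emits the report-only variant of the header, which lets a policy be observed in browsers before it is enforced.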
