Helmet can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately. Generally, Helmet is just a collection of 14 smaller middleware functions that set security-related HTTP headers (read more).
info Hint Note that applying
helmetas global or registering it must come before other calls to
app.use()or setup functions that may call
app.use()). This is due to the way the underlying platform (i.e., Express or Fastify) works, where the order that middleware/routes are defined matters. If you use middleware like
corsafter you define a route, then that middleware will not apply to that route, it will only apply to middleware defined after the route.
Start by installing the required package.
Once the installation is complete, apply it as a global middleware.
If you are using the
FastifyAdapter, install the fastify-helmet package: