Helmet
Helmet can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately. Generally, Helmet is just a collection of 14 smaller middleware functions that set security-related HTTP headers (read more).
info Hint Note that applying
helmet
as global or registering it must come before other calls toapp.use()
or setup functions that may callapp.use()
). This is due to the way the underlying platform (i.e., Express or Fastify) works, where the order that middleware/routes are defined matters. If you use middleware likehelmet
orcors
after you define a route, then that middleware will not apply to that route, it will only apply to middleware defined after the route.
#
Use with Express (default)Start by installing the required package.
Once the installation is complete, apply it as a global middleware.
#
Use with FastifyIf you are using the FastifyAdapter
, install the fastify-helmet package:
fastify-helmet should not be used as a middleware, but as a Fastify plugin, i.e., by using app.register()
: