hood
Cover your head.
Security headers middleware for connect or express.
Further readings on middlewares can be found here
Usage
var hood = ;app;
This will setup sane defaults for most apps. You can also pass options to configure each middleware.
app;
Each middleware is also available individually.
csp
app;app;app; // to use Report-Onlyappapp;
hsts
Only applies header if request is secure. Checks req.connection.encrypted
and req.connection.proxySecure
.
app;app;app;
xframe
app // DENYapp;app;app;app;
nosniff
app;
header
A convenience method when you need to add arbitrary headers to all requests.
app;app;