Missing Helmet configuration on HTTP headers
Rule ID: javascript_express_helmet_missing
Applicable Languages: JavaScript
Weakness ID: CWE-693
Helmet can help protect your app from well-known web vulnerabilities by setting HTTP headers appropriately. Failing to configure Helmet for HTTP headers leaves your application exposed to various web attacks.
Do use Helmet to secure your app by adding it to your application's middleware stack.
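The following is an added example, not code from this rule's documentation: a dependency-free check that a response carries the headers Helmet is expected to set, usable in an integration test once the middleware is in place. The function name `auditHeaders`, the header subset in `EXPECTED_HEADERS`, and both sample responses are assumptions constructed for illustration.

```javascript
// The remediation itself, in an Express app:
//   const helmet = require("helmet");
//   app.use(helmet()); // register before the routes it should protect

// Assumption: a subset of the headers helmet() sets with default options.
const EXPECTED_HEADERS = [
  "content-security-policy",
  "strict-transport-security",
  "x-content-type-options",
  "x-frame-options",
  "referrer-policy",
  "cross-origin-opener-policy",
];

// Returns a list of findings; an empty list means the checked headers are in place.
function auditHeaders(headers) {
  // Header names are case-insensitive, so normalise before comparing.
  const seen = new Map(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const findings = EXPECTED_HEADERS
    .filter((name) => !seen.has(name) || seen.get(name).trim() === "")
    .map((name) => `missing ${name}`);
  // Helmet removes X-Powered-By; its presence suggests Helmet is not applied.
  if (seen.has("x-powered-by")) {
    findings.push(`x-powered-by discloses "${seen.get("x-powered-by")}"`);
  }
  // "nosniff" is the only valid value for X-Content-Type-Options.
  const xcto = seen.get("x-content-type-options");
  if (xcto !== undefined && xcto.trim().toLowerCase() !== "nosniff") {
    findings.push("x-content-type-options is not nosniff");
  }
  return findings;
}

// Constructed sample responses (not captured from a real server).
const withoutHelmet = { "X-Powered-By": "Express", "Content-Type": "text/html" };
const withHelmet = {
  "Content-Security-Policy": "default-src 'self'",
  "Strict-Transport-Security": "max-age=15552000; includeSubDomains",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "SAMEORIGIN",
  "Referrer-Policy": "no-referrer",
  "Cross-Origin-Opener-Policy": "same-origin",
};

console.log(auditHeaders(withoutHelmet));
console.log(auditHeaders(withHelmet));
```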
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our