Package Exports
- @middy/http-security-headers
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@middy/http-security-headers) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Middy http-security-headers middleware
 
HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.
Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.
Install
To install this middleware you can use NPM:
npm install --save @middy/http-security-headersOptions
- dnsPrefetchControlcontrols browser DNS prefetching
- expectCtfor handling Certificate Transparency (Future Feature)
- frameguardto prevent clickjacking
- hidePoweredByto remove the Server/X-Powered-By header
- hstsfor HTTP Strict Transport Security
- ieNoOpensets X-Download-Options for IE8+
- noSniffto keep clients from sniffing the MIME type
- referrerPolicyto hide the Referer header
- xssFilteradds some small XSS protections
Sample usage
const middy = require('@middy/core')
const httpSecurityHeaders = require('@middy/http-security-headers')
const handler = middy((event, context, cb) => {
  cb(null, {})
})
handler
  .use(httpSecurityHeaders())Middy documentation and examples
For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.