{"id":17425,"library":"dns-prefetch-control","title":"DNS Prefetch Control Middleware for Express","description":"The `dns-prefetch-control` package provides an Express.js middleware to manage the `X-DNS-Prefetch-Control` HTTP response header. This header influences whether browsers perform DNS prefetching, an optimization where browsers proactively resolve domain names for links and resources that a user might access, potentially reducing perceived latency. The current stable version of this standalone package is 0.3.0, last published seven years ago. While simple and focused, its primary differentiator was its integration into the broader Helmet.js security suite. Modern usage of this functionality is typically through the `helmet` package itself (e.g., `helmet({ xDnsPrefetchControl: { allow: true } })`), as the standalone `dns-prefetch-control` repository has been archived, indicating it's no longer actively maintained as a separate entity. Disabling DNS prefetching, which is the default for security-focused middleware like Helmet.js, enhances user privacy by preventing speculative DNS lookups that could reveal browsing patterns, albeit at a potential slight performance cost.","status":"abandoned","version":"0.3.0","language":"javascript","source_language":"en","source_url":"git://github.com/helmetjs/dns-prefetch-control","tags":["javascript","helmet","security","express","connect","x-dns-prefetch-control","dns","prefetch","typescript"],"install":[{"cmd":"npm install dns-prefetch-control","lang":"bash","label":"npm"},{"cmd":"yarn add dns-prefetch-control","lang":"bash","label":"yarn"},{"cmd":"pnpm add dns-prefetch-control","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"For ESM, this imports the default CommonJS export. This standalone package is largely superseded; use the `helmet` package instead for modern applications.","wrong":"const dnsPrefetchControl = require('dns-prefetch-control'); // Correct for CJS, but prefer ESM where possible.\n// import { dnsPrefetchControl } from 'dns-prefetch-control'; // Incorrect named import for CJS default export.","symbol":"dnsPrefetchControl","correct":"import dnsPrefetchControl from 'dns-prefetch-control';"},{"note":"Imports the TypeScript type for configuration options. The package ships with built-in type declarations. This package is largely superseded; use the `helmet` package instead.","symbol":"DnsPrefetchControlOptions","correct":"import { DnsPrefetchControlOptions } from 'dns-prefetch-control';"},{"note":"This is the recommended modern way to apply DNS prefetch control. The functionality is exposed as an option within the main `helmet` middleware, not as a direct named export from `helmet` itself. The standalone package is abandoned.","wrong":"import { dnsPrefetchControl } from 'helmet';","symbol":"dnsPrefetchControl (from Helmet)","correct":"import helmet from 'helmet';\n// ... app.use(helmet({ xDnsPrefetchControl: { allow: true } }));"}],"quickstart":{"code":"import express from 'express';\nimport dnsPrefetchControl from 'dns-prefetch-control';\n// For modern usage, consider importing helmet directly:\n// import helmet from 'helmet';\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Use dns-prefetch-control to disable DNS prefetching (default and recommended for privacy)\napp.use(dnsPrefetchControl());\n\n// Example of explicitly allowing DNS prefetching (potential privacy trade-off, slight performance gain)\n// app.use(dnsPrefetchControl({ allow: true }));\n\n// If using Helmet.js, you would configure it like this (and omit the standalone middleware):\n// app.use(helmet({\n//   xDnsPrefetchControl: { allow: false } // or true\n// }));\n\napp.get('/', (req, res) => {\n  res.send('<h1>DNS Prefetch Control Example</h1><p>Check your network headers for X-DNS-Prefetch-Control.</p>');\n});\n\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('X-DNS-Prefetch-Control header should be set.');\n});","lang":"typescript","description":"Demonstrates setting the X-DNS-Prefetch-Control header using the middleware, defaulting to 'off', and notes the modern Helmet.js integration."},"warnings":[{"fix":"Migrate to `helmet` and configure `xDnsPrefetchControl` option: `app.use(helmet({ xDnsPrefetchControl: { allow: false } }));`","message":"The standalone `dns-prefetch-control` package is effectively abandoned, with its GitHub repository archived. Its functionality has been integrated directly into the `helmet` package. Users should migrate to using `helmet` directly for this feature.","severity":"deprecated","affected_versions":">=0.1.0"},{"fix":"The default setting of `allow: false` (or just `app.use(dnsPrefetchControl())`) disables prefetching, prioritizing privacy. Carefully evaluate performance gains against privacy concerns before enabling.","message":"Enabling DNS prefetching (`allow: true`) can improve page load performance by proactively resolving domain names. However, it can also have privacy implications, as it causes browsers to make DNS requests for links a user might not actually click, potentially revealing browsing interests to DNS servers and network observers.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Be aware that reliance on non-standard headers can lead to inconsistent behavior in edge cases or with future browser updates. Monitor browser compatibility if this header is critical to your application's privacy or performance strategy.","message":"The `X-DNS-Prefetch-Control` header is a non-standard header, though widely supported by modern browsers. Its behavior might vary slightly across different browser implementations.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Focus DNS prefetching only on key third-party domains used early in the page load and avoid prefetching low-priority or rarely used domains. The middleware controls the HTTP header, which typically applies broadly, so fine-tuning often requires manual `<link>` tags for specific domains if `allow: true` is used.","message":"Overusing DNS prefetch hints (e.g., via `<link rel=\"dns-prefetch\" ...>` or excessively broad prefetching) can paradoxically degrade performance by overwhelming the browser's internal queue or causing unnecessary lookups, especially for domains that are not actually used.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure correct import syntax: `import dnsPrefetchControl from 'dns-prefetch-control';` for ESM, or `const dnsPrefetchControl = require('dns-prefetch-control');` for CommonJS. If using TypeScript and `esModuleInterop` is `false`, you might need `import * as dnsPrefetchControl from 'dns-prefetch-control';`.","cause":"This usually occurs when attempting to use an ESM `import` statement for a CommonJS module that exports a function directly (e.g., `module.exports = function`) without correctly accessing its default property, or if using a named import for a default export.","error":"TypeError: dnsPrefetchControl is not a function"},{"fix":"Verify `app.use(dnsPrefetchControl(...))` is placed early in your middleware chain. If using `helmet`, ensure `xDnsPrefetchControl` is configured within the `helmet` options object and avoid redundant standalone `dns-prefetch-control` usage. Use browser developer tools to inspect response headers.","cause":"The middleware might not be applied correctly to the Express application, or other middleware might be overwriting the header. Also, if using the standalone package alongside `helmet`, `helmet` might take precedence.","error":"X-DNS-Prefetch-Control header is not being set or has an unexpected value"}],"ecosystem":"npm","meta_description":null}