connect-header

0.0.5 verified Sat Apr 25 auth: no javascript abandoned

General header middleware for Connect/Express that allows setting arbitrary HTTP response headers via middleware configuration. Version 0.0.5 is the last release; no recent activity (last updated ~10 years ago). Extremely lightweight (no dependencies). Simpler than helmet or custom middleware for basic header setting, but unmaintained and not compatible with modern Express (>=4.x) or Koa.

Common errors

error TypeError: Cannot read property 'setHeader' of undefined ↓

cause Calling the middleware without app.use(header()) but directly header() without options.

fix

Use app.use(header({ 'X-Custom': 'value' }))

error TypeError: Object #<Object> has no method 'set' ↓

cause Using the middleware with a framework that does not have a 'set' method on the response object (e.g., Koa or modern Express).

fix

Use a framework-compatible middleware.

Warnings

gotcha Must pass an options object; calling the middleware without arguments will throw an error. ↓

fix Always call header({ ... }) with an object.

deprecated Package is essentially unmaintained; no updates since 2013. ↓

fix Consider using helmet or write your own middleware.

gotcha Compatibility issues with Express 4.x due to changes in middleware signature. ↓

fix Use with Express 3.x or migrate to helmet.

gotcha The middleware sets headers for every request; cannot conditionally set headers based on route or request properties. ↓

fix Use a custom middleware with conditions if needed.

Install

npm install connect-header

yarn add connect-header

pnpm add connect-header

Imports

connect-header
wrong
```
import header from 'connect-header'
```
correct
```
const header = require('connect-header')
```
This package does not export ES modules; it uses CommonJS.
configured middleware
wrong
```
app.use(header) // calling without options
```
correct
```
app.use(header({ 'X-Custom': 'value' }))
```
The middleware is a function that takes an options object; calling it without options will throw.

Express usage

wrong

app.use(header({ 'X-Frame-Options': 'DENY' })) // without requiring express properly

correct

const express = require('express'); const header = require('connect-header'); const app = express(); app.use(header({ 'X-Frame-Options': 'DENY' }))

Works with Express 3.x; may not be compatible with Express 4+ routing changes.

Quickstart

Shows how to set multiple HTTP security headers using connect-header middleware in a vanilla Connect app.

const http = require('http');
const connect = require('connect');
const header = require('connect-header');

const app = connect();
app.use(header({
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1; mode=block',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
}));

app.use((req, res) => {
  res.end('Hello World!');
});

http.createServer(app).listen(3000);
console.log('Server running on port 3000');