connect-header

raw JSON →
0.0.5 verified Sat Apr 25 auth: no javascript abandoned

General header middleware for Connect/Express that allows setting arbitrary HTTP response headers via middleware configuration. Version 0.0.5 is the last release; no recent activity (last updated ~10 years ago). Extremely lightweight (no dependencies). Simpler than helmet or custom middleware for basic header setting, but unmaintained and not compatible with modern Express (>=4.x) or Koa.

error TypeError: Cannot read property 'setHeader' of undefined
cause Calling the middleware without app.use(header()) but directly header() without options.
fix
Use app.use(header({ 'X-Custom': 'value' }))
error TypeError: Object #<Object> has no method 'set'
cause Using the middleware with a framework that does not have a 'set' method on the response object (e.g., Koa or modern Express).
fix
Use a framework-compatible middleware.
gotcha Must pass an options object; calling the middleware without arguments will throw an error.
fix Always call header({ ... }) with an object.
deprecated Package is essentially unmaintained; no updates since 2013.
fix Consider using helmet or write your own middleware.
gotcha Compatibility issues with Express 4.x due to changes in middleware signature.
fix Use with Express 3.x or migrate to helmet.
gotcha The middleware sets headers for every request; cannot conditionally set headers based on route or request properties.
fix Use a custom middleware with conditions if needed.
npm install connect-header
yarn add connect-header
pnpm add connect-header

Shows how to set multiple HTTP security headers using connect-header middleware in a vanilla Connect app.

const http = require('http');
const connect = require('connect');
const header = require('connect-header');

const app = connect();
app.use(header({
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1; mode=block',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
}));

app.use((req, res) => {
  res.end('Hello World!');
});

http.createServer(app).listen(3000);
console.log('Server running on port 3000');