Content Security Policy Middleware for Express
JSON →express-csp-header is an Express.js middleware designed to streamline the implementation of Content-Security-Policy (CSP) headers in web applications. It wraps the functionality of the `csp-header` package, providing an Express-specific interface. Currently at stable version 6.3.1, the package maintains an active release cadence, frequently releasing patches and minor features. Key differentiators include its integration with Express's middleware system, providing convenient constants like `SELF`, `INLINE`, `NONCE`, and `TLD` for dynamic policy generation. It also features automatic Top-Level Domain (TLD) parsing and custom CSP string processing capabilities. The library facilitates managing both `Content-Security-Policy` and `Reporting-Endpoints` headers, making it easier to implement robust web security measures against attacks like XSS. It requires Node.js version 18 or higher.
Traffic · last 30 days ↓67% vs prev 7d
top countries 🇺🇸 United States · 🇩🇪 Germany · 🇨🇦 Canada · 🇪🇸 Spain · 🇫🇷 France