checklist.day

helmet-csp

JSON →
library 4.0.0 ·javascript
verified May 27, 2026
auth-securityweb-framework

Content Security Policy middleware for Express and Node.js. Version 4.0.0 requires Node >=18 and ships TypeScript definitions. It sets the Content-Security-Policy header using a directives object with support for camelCase or kebab-case keys, dynamic values via functions, and a default policy that can be overridden or disabled. Unlike generic CSP libraries, it integrates directly with the Helmet ecosystem and provides sensible defaults to prevent common vulnerabilities like XSS, though it performs minimal validation on the policy itself.

Traffic · last 30 days ↓22% vs prev 7d · indexed Sat Apr 25 · updated Tue Jun 09

total hits 23
actors 7 distinct systems
last hit 2d ago AhrefsBot
Amazonbot
4
MetaBot
4
GPTBot
2
Script
1
Search engines
1
Humans
6

top countries 🇺🇸 United States · VN · 🇫🇷 France · 🇨🇦 Canada · 🇩🇪 Germany

Resources

githubgithub.com/helmetjs/helmet ↗
packagewww.npmjs.com/package/helmet-csp ↗
homepagehelmetjs.github.io ↗

API endpoints

full doc /v1/registry/helmet-csp
install /v1/registry/helmet-csp/install
compatibility /v1/registry/helmet-csp/compatibility