checklist.day

hide-powered-by

JSON →
library 1.1.0 ·javascript
verified May 27, 2026
web-frameworkauth-security

Simple middleware to remove or spoof the X-Powered-By HTTP header. Version 1.1.0 is stable with minimal maintenance. Part of the Helmet.js security middleware family. Differentiates from alternatives by allowing custom header values to mislead attackers. Removing X-Powered-By only obfuscates the framework and is not a strong security measure.

Traffic · last 30 days ↓27% vs prev 7d · indexed Sat Apr 25 · updated Tue Jun 09

total hits 23
actors 7 distinct systems
last hit 20h ago AhrefsBot
Amazonbot
4
MetaBot
4
GPTBot
2
Script
1
Search engines
1
Humans
6

top countries 🇺🇸 United States · 🇫🇷 France · 🇨🇦 Canada · VN · 🇸🇬 Singapore

Resources

githubgithub.com/helmetjs/hide-powered-by ↗
packagewww.npmjs.com/package/hide-powered-by ↗
homepagehelmetjs.github.io/docs/hide-powered-by/ ↗

API endpoints

full doc /v1/registry/hide-powered-by
install /v1/registry/hide-powered-by/install
compatibility /v1/registry/hide-powered-by/compatibility