
Can't remove x-powered-by header in Node Express

I've gone through every question and blog I can find on the topic, but I can't get rid of x-powered-by: express.

Here's my app which has the sole function of not displaying the "x-powered-by: express" header, combining every bit of advice I've been able to find on how to do this. I've tried each one individually, but none have an effect:

"use strict";    
var express = require("express");
var app = express();
app.set("x-powered-by", "your mum");

const helmet = require("helmet");
app.use(helmet());

const killHeader = (req, res, next) => {
   res.removeHeader("X-Powered-By");
   next();
};

app.get("/", killHeader, (req, res) => {
   res.header("X-powered-by", "A sack of rats");
   res.removeHeader("X-Powered-By");
   res.send("Hello world without x-powered headers");
});

app.disable("x-powered-by");

app.listen(3000, function () {
   console.log("Running");
});

I feel like I must be missing a key bit of information as to where headers get generated and sent from, as no combination of the above strategies makes a difference when inspected in the network tab of Chrome. The environment is Windows, run via VSCode, but I have the same problem on Nginx in Ubuntu.

Rusty asked Oct 24 '25 21:10


1 Answer

You must be getting a cached response from your browser. Try checking the disable cache option on Chrome Dev Tools or use an incognito tab. The Helmet middleware removes the X-powered-by header by default. The following code

   
const express = require("express");
const app = express();
const helmet = require("helmet");

app.use(helmet());

app.get("/", (req, res) => {
   res.send("Hello world without x-powered headers");
});

app.listen(3000, function () {
  console.log("Running");
});

Returns the following headers

HTTP/1.1 200 OK
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Content-Length: 37
ETag: W/"25-CWR19lYRAgXhHOXfwllpUDHFWas"
Date: Mon, 19 Apr 2021 17:37:11 GMT
Connection: keep-alive

Tested with the following dependency versions

"dependencies": {
    "express": "4.16.4",
    "helmet": "3.21.2"
}

Drakmord2 answered Oct 26 '25 13:10
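
Since the answer attributes the stale header to the browser cache, one way to confirm a fix is to request the app from Node directly, with no browser in between. This is an added example, not code from the question or the answer: `probe`, `startStandIn` and `demo` are hypothetical names, and the stand-in server is constructed with Node's built-in `http` module (it is not Express) so the check runs without dependencies.

```javascript
"use strict";
const http = require("http");

// Request `url` straight from Node, so no browser cache sits in between,
// and report whether the response carries an X-Powered-By header.
function probe(url) {
  return new Promise((resolve, reject) => {
    const options = {
      agent: false, // one-off connection, closed after the response
      headers: { "Cache-Control": "no-cache" }, // ask any proxy to revalidate too
    };
    http.get(url, options, (res) => {
      res.resume(); // discard the body; only the headers matter here
      res.on("end", () => {
        // Node lower-cases incoming header names.
        const value = res.headers["x-powered-by"];
        resolve({
          status: res.statusCode,
          poweredBy: value === undefined ? null : value,
        });
      });
    }).on("error", reject);
  });
}

// Constructed stand-in server (assumption, not Express): /default mimics the
// header an unconfigured Express app sends, any other path omits it.
function startStandIn() {
  const server = http.createServer((req, res) => {
    if (req.url === "/default") res.setHeader("X-Powered-By", "Express");
    res.end("Hello world");
  });
  return new Promise((resolve) => {
    server.listen(0, "127.0.0.1", () => resolve(server));
  });
}

// Probe both stand-in routes on an ephemeral loopback port.
async function demo() {
  const server = await startStandIn();
  const base = `http://127.0.0.1:${server.address().port}`;
  try {
    return {
      standInDefault: await probe(`${base}/default`),
      standInHardened: await probe(`${base}/hardened`),
    };
  } finally {
    server.close();
  }
}

demo().then((result) => console.log(result));
```

With the real app listening, `probe("http://localhost:3000/")` should resolve with `poweredBy: null` once Helmet or `app.disable("x-powered-by")` is in effect.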