Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025
@middy/http-security-header
Advanced tools
@middy/http-security-header
Applies best practice security headers to responses. It's a simplified port of HelmetJS
Middy http-security-headers middleware
HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.
Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.
Install
To install this middleware you can use NPM:
npm install --save @middy/http-security-headers
Options
dnsPrefetchControlcontrols browser DNS prefetchingexpectCtfor handling Certificate Transparency (Future Feature)frameguardto prevent clickjackinghidePoweredByto remove the Server/X-Powered-By headerhstsfor HTTP Strict Transport SecurityieNoOpensets X-Download-Options for IE8+noSniffto keep clients from sniffing the MIME typereferrerPolicyto hide the Referer headerxssFilteradds some small XSS protections
Sample usage
const middy = require('@middy/core')
const httpSecurityHeaders = require('@middy/http-security-headers')
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler
.use(httpSecurityHeaders())
Middy documentation and examples
For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.
FAQs
Applies best practice security headers to responses. It's a simplified port of HelmetJS
We found that @middy/http-security-header demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Package last updated on 04 Dec 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg - Sep 10, 2025
Security News
Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
By Sarah Gooding - Sep 10, 2025