1Helmet is actually just a collection of smaller middleware functions that set security-related HTTP response headers: csp sets the Content-Security-Policy header to help prevent cross-site scripting attacks and other cross-site injections. hidePoweredBy removes the X-Powered-By header.
1import React from "react";
2import {Helmet} from "react-helmet";
3
4class Application extends React.Component {
5 render () {
6 return (
7 <div className="application">
8 <Helmet>
9 <meta charSet="utf-8" />
10 <title>My Title</title>
11 <link rel="canonical" href="http://mysite.com/example" />
12 </Helmet>
13 ...
14 </div>
15 );
16 }
17};
1// Installation
2// npm install helmet --save
3
4// Quick start
5const express = require("express");
6const helmet = require("helmet");
7
8const app = express();
9
10app.use(helmet());
11
12// ...