github.com/gofiber/fiber/v2@v2.47.0/docs/api/middleware/helmet.md (about)

---
id: helmet
title: Helmet
---

Helmet middleware helps secure your apps by setting various HTTP headers.

## Signatures

```go
func New(config ...Config) fiber.Handler
```

## Examples

```go
package main

import (
	"log"

	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/helmet"
)

func main() {
	app := fiber.New()

	// Register helmet with its default config before any routes.
	app.Use(helmet.New())

	app.Get("/", func(c *fiber.Ctx) error {
		return c.SendString("Welcome!")
	})

	// Listen blocks; report the error if the server cannot start.
	log.Fatal(app.Listen(":3000"))
}
```

**Test:**

```bash
curl -I http://localhost:3000
```

## Config

```go
// Config defines the config for middleware.
type Config struct {
	// Next defines a function to skip middleware.
	// Optional. Default: nil
	Next func(*fiber.Ctx) bool

	// XSSProtection
	// Optional. Default value "0".
	XSSProtection string

	// ContentTypeNosniff
	// Optional. Default value "nosniff".
	ContentTypeNosniff string

	// XFrameOptions
	// Optional. Default value "SAMEORIGIN".
	// Possible values: "SAMEORIGIN", "DENY", "ALLOW-FROM uri"
	XFrameOptions string

	// HSTSMaxAge
	// Optional. Default value 0.
	HSTSMaxAge int

	// HSTSExcludeSubdomains
	// Optional. Default value false.
	HSTSExcludeSubdomains bool

	// ContentSecurityPolicy
	// Optional. Default value "".
	ContentSecurityPolicy string

	// CSPReportOnly
	// Optional. Default value false.
	CSPReportOnly bool

	// HSTSPreloadEnabled
	// Optional. Default value false.
	HSTSPreloadEnabled bool

	// ReferrerPolicy
	// Optional. Default value "no-referrer".
	ReferrerPolicy string

	// Permissions-Policy
	// Optional. Default value "".
	PermissionPolicy string

	// Cross-Origin-Embedder-Policy
	// Optional. Default value "require-corp".
	CrossOriginEmbedderPolicy string

	// Cross-Origin-Opener-Policy
	// Optional. Default value "same-origin".
	CrossOriginOpenerPolicy string

	// Cross-Origin-Resource-Policy
	// Optional. Default value "same-origin".
	CrossOriginResourcePolicy string

	// Origin-Agent-Cluster
	// Optional. Default value "?1".
	OriginAgentCluster string

	// X-DNS-Prefetch-Control
	// Optional. Default value "off".
	XDNSPrefetchControl string

	// X-Download-Options
	// Optional. Default value "noopen".
	XDownloadOptions string

	// X-Permitted-Cross-Domain-Policies
	// Optional. Default value "none".
	XPermittedCrossDomain string
}
```

## Default Config

```go
var ConfigDefault = Config{
	XSSProtection:             "0",
	ContentTypeNosniff:        "nosniff",
	XFrameOptions:             "SAMEORIGIN",
	ReferrerPolicy:            "no-referrer",
	CrossOriginEmbedderPolicy: "require-corp",
	CrossOriginOpenerPolicy:   "same-origin",
	CrossOriginResourcePolicy: "same-origin",
	OriginAgentCluster:        "?1",
	XDNSPrefetchControl:       "off",
	XDownloadOptions:          "noopen",
	XPermittedCrossDomain:     "none",
}
```
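
Rather than reading `curl -I` output by eye, the check below compares a response's headers with the `ConfigDefault` values and flags missing, duplicated or overridden headers, such as those rewritten by a proxy in front of the app. It is an added example, not part of the Fiber documentation or code base: `expected` and `auditHeaders` are hypothetical names, the header names for `XSSProtection`, `ContentTypeNosniff`, `XFrameOptions` and `ReferrerPolicy` are assumed to be the standard headers of those names, and the sample response is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
)

// expected maps each response header to the value documented in ConfigDefault.
var expected = map[string]string{
	"X-XSS-Protection":                  "0",
	"X-Content-Type-Options":            "nosniff",
	"X-Frame-Options":                   "SAMEORIGIN",
	"Referrer-Policy":                   "no-referrer",
	"Cross-Origin-Embedder-Policy":      "require-corp",
	"Cross-Origin-Opener-Policy":        "same-origin",
	"Cross-Origin-Resource-Policy":      "same-origin",
	"Origin-Agent-Cluster":              "?1",
	"X-DNS-Prefetch-Control":            "off",
	"X-Download-Options":                "noopen",
	"X-Permitted-Cross-Domain-Policies": "none",
}

// auditHeaders returns sorted findings; an empty result means every default matched.
func auditHeaders(h http.Header) []string {
	var findings []string
	for name, want := range expected {
		got := h.Values(name) // lookup is case-insensitive (canonicalized key)
		switch {
		case len(got) == 0:
			findings = append(findings, name+": missing")
		case len(got) > 1:
			findings = append(findings, name+": sent more than once")
		case got[0] != want:
			findings = append(findings, fmt.Sprintf("%s: got %q, want %q", name, got[0], want))
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// Constructed sample: one default present, one overridden upstream.
	h := http.Header{}
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("X-Frame-Options", "ALLOWALL")
	for _, f := range auditHeaders(h) {
		fmt.Println(f)
	}
}
```

Pass `resp.Header` from an `http.Get` against the running app to audit a live response. HSTS and CSP are not checked because `ConfigDefault` sets no value for them.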