include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

https://www.npmjs.com/package/express[Express.js] name is disclosed by default into the ``++x-powered-by++``  HTTP header:

----
let express = require('express');
let app = express(); // Sensitive

app.get('/', function (req, res) {
  res.send('hello')
});
----

== Compliant Solution

``++x-powered-by++``  HTTP header should be disabled in https://www.npmjs.com/package/express[Express.js] with ``++app.disable++`` or with helmet https://www.npmjs.com/package/helmet[hidePoweredBy] middleware:

[source,javascript]
----
let express = require('express');

let app1 = express();  // Compliant
app1.disable("x-powered-by");

let helmet = require("helmet");
let app2 = express(); // Compliant
app2.use(helmet.hidePoweredBy());
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]