include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

In https://www.npmjs.com/package/express[Express.js], version information is
disclosed by default in the ``++x-powered-by++`` HTTP header:

[source, javascript]
----
let express = require('express');

let example = express(); // Sensitive

example.get('/', function (req, res) {
  res.send('example')
});
----

== Compliant Solution

``++x-powered-by++`` HTTP header should be disabled in
https://www.npmjs.com/package/express[Express.js] with ``++app.disable++``:

[source,javascript]
----
let express = require('express');

let example = express();
example.disable("x-powered-by");
----

Or with helmet's https://www.npmjs.com/package/helmet[hidePoweredBy] middleware:

[source, javascript]
----
let helmet = require("helmet");

let example = express();
example.use(helmet.hidePoweredBy());
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]