How to disable "X-Powered-By" response header in create-react-app?

Time:10-19

I'm working on a react.js app using Create-react-app. In the response headers I'm seeing Express's x-powered-by header, and I want to disable this particular header field. Are there ways to achieve this? In Next.js we can disable this header field by adding some code to the config file; can we achieve the same in my scenario?

CodePudding user response:

React is a client-side framework and doesn't handle serving your application to a browser. Whatever system you are using to host your application is responsible for that header. Some of the CRA templates use webpack-dev-server for npm start, which is built on Express and is probably what's showing the header. As this isn't actually part of your app, there isn't much point to turning it off even if you can.

CodePudding user response:

I'd suggest having a look at helmet; this will remove the x-powered-by header as well as enhance security by setting other HTTP headers (see the docs for details).

const express = require("express");
const helmet = require("helmet");

const app = express();

// Register helmet before any routes so its header changes apply to every response.
app.use(helmet());

app.get("/test", (req, resp) => {
    resp.send('Testing with Helmet');
});

app.listen(3000);

You'll see when you use helmet that the X-Powered-By: Express header is no longer present.

If you just want to hide the x-powered-by header, I'd suggest trying:

const express = require("express");
const helmet = require("helmet");

const app = express();

// Only remove X-Powered-By; none of helmet's other header middleware is enabled.
app.use(helmet.hidePoweredBy());

app.get("/test", (req, resp) => {
    resp.send('Testing with Helmet');
});

app.listen(3000);
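
An added example (not part of the answers above, and not helmet's or Express's own code): a small Node.js check that reports whether a response still carries X-Powered-By, so you can confirm what the host that actually serves the build sends rather than what the dev server sends. The function names, the sample header objects, and the choice to also watch the Server header are assumptions of this example.

```javascript
// Added example: uses only Node's built-in modules (no Express or helmet required).
const http = require("http");
const https = require("https");

// Response headers that advertise the serving stack. "x-powered-by" is the header
// from the question; watching "server" as well is an assumption of this example.
const DISCLOSURE_HEADERS = ["x-powered-by", "server"];

// Pure check over a header object; returns one finding per watched header present.
// Header names are compared case-insensitively; multi-valued headers are joined.
function findDisclosureHeaders(headers, watched = DISCLOSURE_HEADERS) {
  return Object.entries(headers)
    .map(([name, value]) => ({
      header: name.toLowerCase(),
      value: [].concat(value).join(", "),
    }))
    .filter((finding) => watched.includes(finding.header));
}

// Request a URL and audit the headers the host actually sends.
function auditUrl(url) {
  const client = url.startsWith("https:") ? https : http;
  return new Promise((resolve, reject) => {
    client
      .get(url, (res) => {
        res.resume(); // discard the body; only the headers matter here
        resolve(findDisclosureHeaders(res.headers));
      })
      .on("error", reject);
  });
}

// Constructed sample headers: a response like the one in the question, and the
// same response once the header has been removed.
const devServerHeaders = { "X-Powered-By": "Express", "content-type": "text/html" };
const hardenedHeaders = { "content-type": "text/html" };

console.log(findDisclosureHeaders(devServerHeaders));
console.log(findDisclosureHeaders(hardenedHeaders));

// Optional: pass a URL as the first argument to audit a running host.
// The exit code is 1 if a watched header is present, 2 on a request error.
if (process.argv[2]) {
  auditUrl(process.argv[2]).then(
    (found) => {
      found.forEach((f) => console.error(`${f.header}: ${f.value}`));
      process.exitCode = found.length ? 1 : 0;
    },
    (err) => { console.error(err.message); process.exitCode = 2; }
  );
}
```

Run it with the URL of the server to check as the only argument, for example the `/test` route on port 3000 from the snippets above; the non-zero exit code makes it usable as a CI gate.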