Due to Node's "batteries not included" philosophy, which has also influenced the philosophy of certain web frameworks (such as Express), security features often tend to be a manual add-onĀ or at least a matter of manual configuration.
In this recipe, we'll show how to harden an Express web server (along with hardening servers built with other frameworks in the There's more section).