Feature Request
The project uses Express but does not configure secure HTTP headers. Adding security middleware is a standard production-ready best practice to prevent common vulnerabilities (like Clickjacking, XSS, MIME sniffing, and Information Disclosure).
Proposed Solution
- Install
helmet as a dependency.
- Register the middleware in the main server file:
const helmet = require('helmet');
app.use(helmet());
GSSoC '26
Feature Request
The project uses Express but does not configure secure HTTP headers. Adding security middleware is a standard production-ready best practice to prevent common vulnerabilities (like Clickjacking, XSS, MIME sniffing, and Information Disclosure).
Proposed Solution
helmetas a dependency.GSSoC '26