freeCodeCamp/curriculum/challenges/english/09-information-security/information-security-with-h.../hide-potentially-dangerous-...

---
id: 587d8247367417b2b2512c37
title: Hide Potentially Dangerous Information Using helmet.hidePoweredBy()
challengeType: 2
forumTopicId: 301580
dashedName: hide-potentially-dangerous-information-using-helmet-hidepoweredby
---

# --description--

As a reminder, this project is being built upon the following starter project on [Repl.it](https://repl.it/github/freeCodeCamp/boilerplate-infosec), or cloned from [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/).

Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. X-Powered-By: Express is sent in every request coming from Express by default. The `helmet.hidePoweredBy()` middleware will remove the X-Powered-By header. You can also explicitly set the header to something else, to throw people off. e.g. `app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))`

# --hints--

helmet.hidePoweredBy() middleware should be mounted correctly

```js
(getUserInput) =>
  $.get(getUserInput('url') + '/_api/app-info').then(
    (data) => {
      assert.include(data.appStack, 'hidePoweredBy');
      assert.notEqual(data.headers['x-powered-by'], 'Express');
    },
    (xhr) => {
      throw new Error(xhr.responseText);
    }
  );
```

# --solutions--

```js
/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/
```
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00			`---`
			`id: 587d8247367417b2b2512c37`
			`title: Hide Potentially Dangerous Information Using helmet.hidePoweredBy()`
			`challengeType: 2`
fix(curriculum): Added forumTopicId to remaining 1200 challeng… (#36558) 2019-08-05 16:17:33 +00:00			`forumTopicId: 301580`
feat(curriculum): restore seed + solution to Chinese (#40683) * feat(tools): add seed/solution restore script * chore(curriculum): remove empty sections' markers * chore(curriculum): add seed + solution to Chinese * chore: remove old formatter * fix: update getChallenges parse translated challenges separately, without reference to the source * chore(curriculum): add dashedName to English * chore(curriculum): add dashedName to Chinese * refactor: remove unused challenge property 'name' * fix: relax dashedName requirement * fix: stray tag Remove stray `pre` tag from challenge file. Signed-off-by: nhcarrigan <nhcarrigan@gmail.com> Co-authored-by: nhcarrigan <nhcarrigan@gmail.com> 2021-01-13 02:31:00 +00:00			`dashedName: hide-potentially-dangerous-information-using-helmet-hidepoweredby`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00			`---`

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			`# --description--`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			`As a reminder, this project is being built upon the following starter project on [Repl.it](https://repl.it/github/freeCodeCamp/boilerplate-infosec), or cloned from [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/).`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. X-Powered-By: Express is sent in every request coming from Express by default. The `helmet.hidePoweredBy()` middleware will remove the X-Powered-By header. You can also explicitly set the header to something else, to throw people off. e.g. `app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			`# --hints--`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			`helmet.hidePoweredBy() middleware should be mounted correctly`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			```js
			`(getUserInput) =>`
			`$.get(getUserInput('url') + '/_api/app-info').then(`
			`(data) => {`
			`assert.include(data.appStack, 'hidePoweredBy');`
			`assert.notEqual(data.headers['x-powered-by'], 'Express');`
			`},`
			`(xhr) => {`
			`throw new Error(xhr.responseText);`
			`}`
			`);`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00			```

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 18:02:05 +00:00			`# --solutions--`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00
			```js
add comment explaining no need for solutions (#37227) 2019-10-14 15:30:42 +00:00			`/**`
			`Backend challenges don't need solutions,`
			`because they would need to be tested against a full working project.`
			`Please check our contributing guidelines to learn more.`
			`*/`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 22:01:58 +00:00			```