Important security headers for qoq based on koa-helmet.
yarn add qoq-helmetimport { WebSlotManager } from 'qoq';
import { helmets, Helmet } from 'qoq-helmet';
// This...
export const webSlots = WebSlotManager.use(new Helmet());
// ...is equivalent to this:
export const webSlots = WebSlotManager.use(helmets.contentSecurityPolicy())
.use(helmets.dnsPrefetchControl())
.use(helmets.expectCt())
.use(helmets.frameguard())
.use(helmets.hidePoweredBy())
.use(helmets.hsts())
.use(helmets.ieNoOpen())
.use(helmets.noSniff())
.use(helmets.originAgentCluster())
.use(helmets.permittedCrossDomainPolicies())
.use(helmets.referrerPolicy())
.use(helmets.xssFilter());@see helmet