
Helmet for security headers in Node.js - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What HTTP header does Helmet set by default to prevent clickjacking?
Helmet sets several security headers by default. Which header does it set to help prevent clickjacking attacks?
A. X-Frame-Options
B. X-Content-Type-Options
C. Strict-Transport-Security
D. Content-Security-Policy
💡 Hint
Think about which header controls if a page can be shown inside a frame or iframe.
📝 Syntax
intermediate
Which code snippet correctly applies Helmet middleware in an Express app?
You want to add Helmet to your Express.js app to improve security headers. Which code snippet correctly applies Helmet middleware?
A. helmet(app);
B. app.helmet();
C. app.use(helmet());
D. app.use(helmet);
💡 Hint
Remember how middleware functions are added in Express.
🔧 Debug
advanced
Why does this Helmet configuration cause an error?
Consider this code snippet:
const helmet = require('helmet');
app.use(helmet.contentSecurityPolicy());
Why does this cause an error when running the app?
A. helmet must be imported with import syntax, not require
B. helmet.contentSecurityPolicy requires options argument and fails without it
C. app.use must be called after app.listen
D. contentSecurityPolicy is not a direct method on helmet in the latest version
💡 Hint
Check the latest Helmet API for how to use contentSecurityPolicy.
state_output
advanced
What is the effect of disabling the 'crossOriginEmbedderPolicy' in Helmet?
Given this Helmet setup:
app.use(helmet({ crossOriginEmbedderPolicy: false }));
What effect does disabling 'crossOriginEmbedderPolicy' have on the HTTP headers sent?
A. The Cross-Origin-Embedder-Policy header will not be set
B. The Cross-Origin-Embedder-Policy header will be set to 'unsafe-none'
C. The Cross-Origin-Embedder-Policy header will be set to 'require-corp'
D. Helmet will throw an error because crossOriginEmbedderPolicy cannot be false
💡 Hint
Disabling a Helmet option usually means it won't add that header.
🧠 Conceptual
expert
Why is Helmet important for modern web applications?
Which of the following best explains why using Helmet is important for modern web applications?
A. Helmet automatically fixes all security bugs in your code
B. Helmet sets HTTP headers that help protect against common web vulnerabilities by instructing browsers how to behave
C. Helmet encrypts all data sent between client and server
D. Helmet replaces the need for HTTPS by securing headers
💡 Hint
Think about what HTTP headers do and how browsers use them.