
tessl/npm-koa-helmet

Security header middleware collection for Koa applications that wraps Helmet.js

91

1.04x

Evaluation results

100%

48%

Custom Security Middleware Stack

Granular middleware composition

| Criteria | Without context | With context |
| --- | --- | --- |
| noSniff usage | 53% | 100% |
| xssFilter usage | 50% | 100% |
| referrerPolicy usage | 53% | 100% |
| hsts usage | 50% | 100% |
| frameguard usage | 53% | 100% |
| contentSecurityPolicy usage | 53% | 100% |
| dnsPrefetchControl usage | 50% | 100% |

100%

Clickjacking Protection Server

Frameguard (clickjacking protection)

| Criteria | Without context | With context |
| --- | --- | --- |
| koa-helmet import | 100% | 100% |
| frameguard with DENY | 100% | 100% |
| frameguard with SAMEORIGIN | 100% | 100% |
| Conditional middleware application | 100% | 100% |
| Middleware registration | 100% | 100% |

100%

Secure API Server

Unified security middleware application

| Criteria | Without context | With context |
| --- | --- | --- |
| koa-helmet import | 100% | 100% |
| helmet() invocation | 100% | 100% |
| Middleware registration | 100% | 100% |
| Middleware ordering | 100% | 100% |
| Security headers present | 100% | 100% |

100%

70%

Legacy XSS Protection Header Middleware

XSS filter control

| Criteria | Without context | With context |
| --- | --- | --- |
| Import koa-helmet | 100% | 100% |
| Use xssFilter middleware | 0% | 100% |
| Apply middleware to Koa | 0% | 100% |
| Correct middleware placement | 50% | 100% |
| Header verification | 100% | 100% |

100%

Secure Web API with Referrer Control

Referrer policy

| Criteria | Without context | With context |
| --- | --- | --- |
| koa-helmet import | 100% | 100% |
| Helmet middleware application | 100% | 100% |
| referrerPolicy method usage | 100% | 100% |
| no-referrer policy | 100% | 100% |
| Middleware ordering | 100% | 100% |

100%

12%

Multi-Tier Security API

Per-route security configuration

| Criteria | Without context | With context |
| --- | --- | --- |
| Route-specific helmet application | 60% | 100% |
| CSP configuration | 100% | 100% |
| HSTS configuration | 100% | 100% |
| Frameguard configuration | 100% | 100% |
| Additional security policies | 100% | 100% |
| Koa integration | 60% | 100% |

65%

-35%

HTTPS Policy Middleware

HTTP Strict Transport Security (HSTS)

| Criteria | Without context | With context |
| --- | --- | --- |
| HSTS middleware usage | 100% | 0% |
| maxAge configuration | 100% | 100% |
| includeSubDomains option | 100% | 100% |
| preload configuration | 100% | 100% |
| Route-specific policies | 100% | 40% |

100%

Security Configuration Service

Selective middleware control

| Criteria | Without context | With context |
| --- | --- | --- |
| helmet() usage | 100% | 100% |
| CSP disabling | 100% | 100% |
| Frameguard disabling | 100% | 100% |
| Frameguard deny configuration | 100% | 100% |
| Frameguard sameorigin configuration | 100% | 100% |
| HSTS 1-year configuration | 100% | 100% |
| HSTS 30-day configuration | 100% | 100% |

100%

Content Security Policy Middleware

Content Security Policy (CSP)

| Criteria | Without context | With context |
| --- | --- | --- |
| Uses helmet.contentSecurityPolicy | 100% | 100% |
| Configures defaultSrc directive | 100% | 100% |
| Configures scriptSrc directive | 100% | 100% |
| Configures imgSrc directive | 100% | 100% |
| Configures styleSrc directive | 100% | 100% |
| Configures objectSrc directive | 100% | 100% |
| Configures connectSrc directive | 100% | 100% |
| Returns Koa middleware | 100% | 100% |

40%

-60%

Cross-Domain Policy Configuration API

Cross-domain policy control

| Criteria | Without context | With context |
| --- | --- | --- |
| Uses permittedCrossDomainPolicies | 100% | 0% |
| Default policy configuration | 100% | 53% |
| Dynamic policy changes | 100% | 20% |
| Policy application scope | 100% | 100% |
| Valid policy values | 100% | 100% |
| Koa middleware integration | 100% | 20% |

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet
Evaluated
Agent
Claude Code
