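DNS prefetching allows web browsers to resolve the domain names of links in the background, before the user clicks them. This feature can cause privacy issues: each lookup tells the DNS resolver, and anyone observing that traffic, which hostnames the page links to, even if the user never follows those links.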
import express, { Express } from 'express'
import helmet from 'helmet'

const app: Express = express()

/**
 * Noncompliant example: registers helmet's DNS-prefetch middleware on `app`
 * with prefetching switched on.
 *
 * With `allow: true`, helmet sends `X-DNS-Prefetch-Control: on` with each
 * response. Browsers may then resolve the hostnames of links on the page
 * before the user clicks any of them, so the DNS resolver sees lookups for
 * destinations the user may never visit.
 */
function dnsPrefetchingNoncompliant() {
  // Noncompliant: 'allow' is set to 'true'.
  const prefetchControl = helmet.dnsPrefetchControl({ allow: true })
  app.use(prefetchControl)
}
import express, { Express } from 'express'
import helmet from 'helmet'

const app: Express = express()

/**
 * Compliant example: registers helmet's DNS-prefetch middleware on `app`
 * with prefetching switched off.
 *
 * With `allow: false`, helmet sends `X-DNS-Prefetch-Control: off` with each
 * response, asking browsers not to resolve link hostnames until the user
 * actually navigates to them.
 */
function dnsPrefetchingCompliant() {
  // Compliant: 'allow' is set to 'false'.
  const prefetchControl = helmet.dnsPrefetchControl({ allow: false })
  app.use(prefetchControl)
}