DNS prefetching High

DNS prefetching allows web browsers to perform DNS resolving in the background before the user clicks a link. This feature can cause privacy issues.

Detector ID
typescript/dns-prefetching@v1.0
Category
Common Weakness Enumeration (CWE) external icon
Tags
-

Noncompliant example

1import express, { Express } from 'express'
2import helmet from 'helmet'
3const app: Express = express()
4
5function dnsPrefetchingNoncompliant() {
6    app.use(
7        helmet.dnsPrefetchControl({
8            // Noncompliant: 'allow' is set to 'true'.
9            allow: true
10        })
11    )
12}

Compliant example

1import express, { Express } from 'express'
2import helmet from 'helmet'
3const app: Express = express()
4
5function dnsPrefetchingCompliant() {
6    app.use(
7        helmet.dnsPrefetchControl({
8            // Compliant: 'allow' is set to 'false'.
9            allow: false
10        })
11    )
12}