Awesome Open Source
Awesome Open Source

Helmet Gopher


Go Report Card

HTTP security headers middleware for Go(lang) inspired by HelmetJS.

Helmet helps you secure your Golang web applications by setting various HTTP security headers. It's not a silver bullet, but it can help!

Quick Start

go get

package main

import (


func main() {
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "I love HelmetJS, I just wish there was a Go(lang) equivalent...")

	helmet := helmet.Default()
	http.Handle("/", helmet.Secure(handler))

	log.Fatal(http.ListenAndServe(":8080", nil))

This code sample can be found in /examples/01-quick-start.

How It Works

Helmet is a collection of 12 smaller middleware functions that set HTTP security response headers. Initializing via helmet.Default() will not include all of these middleware functions by default.

Module Default
X-Content-Type-Options nosniff
X-DNS-Prefetch-Control off
X-Download-Options noopen
X-Frame-Options SAMEORIGIN
X-Powered-By Removes the X-Powered-By header
Strict-Transport-Security max-age=5184000; includeSubDomains (60 days)
X-XSS-Protection 1; mode=block

You can see more in the documentation.

Helmet is open source under the MIT License.

Gopher image by Renee French, licensed under CC 3.0 license.

Helmet icon by Hand-Drawn Goods, licensed under CC 3.0 license.

Gopher + Helmet remix by Emily Wilson, licensed under CC 3.0 license.

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Go (196,062
Golang (32,696
Golang Library (1,298
Golang Package (658
Secure (435
Header (404
Related Projects