What does hpp protect against?
HTTP Parameter Pollution. It removes duplicate query params so an attacker cannot trick your parser by sending ?user=a&user=b. Small middleware with a clear protective role.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Popular Express Middlewares You Should Use
express.json, express.urlencoded, cors, helmet, morgan or pino-http, express-rate-limit, cookie-parser, compression, express-mongo-sanitize, xss-clean, hpp, plus your own auth, validation, and error handler middlewares.
Adds security HTTP headers: X-Frame-Options (clickjacking), Strict-Transport-Security (force HTTPS), Content-Security-Policy basics, and more. Set and forget; it protects against several common attacks with no behavior change.
Limits requests per IP. Add a global limiter (100 req per 15 min) and stricter limiters on auth routes (5 attempts per 15 min). Prevents abuse and brute-force attacks.
Still have questions?
Browse all our FAQs or reach out to our support team
