httpServerOptions (settings.js) does not accept settings

Hello guys,

I am using the latest version (0.20.5) without any problem, but when I try to configure (httpServerOptions) it does not work on any "expressjs" settings.

    // The following property can be used to pass custom options to the Express.js
    // server used by Node-RED. For a full list of available options, refer
    // to

    httpServerOptions: {
        "x-powered-by": false

    // The following property can be used to verify websocket connection attempts.
    // This allows, for example, the HTTP request headers to be checked to ensure
    // they include valid authentication information.

Any idea where my mistake will be?

Alternatively I set up an (http response) with the same value (x-powered-by).

Thank you for your help!

Hi @adamiD

I couldn't remember how we handle this in the code, and having reviewed it, I see we only apply these options to the routes that serve the editor and its apis. They do not apply to the routes served by the HTTP nodes.

So that explains what you're seeing. Whether it should apply to the HTTP node routes is another question. Need to think about that.

A workaround would be to use a reverse proxy to do it. That tends to be more secure anyway since web servers/reverse proxies tend to be heavily security tested. NGINX or HAProxy are good and pretty efficient choices. Apache can be used as well but tends to be a bit (lot) more of a resource hog in my experience.

Hello @TotallyInformation,

I also have a preference for NGINX, until I say more, after using it, I never thought about Apache... hehehe
For the case in question I just wanted to hide the header.

Thanks for sharing,

Hello @knolleary,

Thanks for the clarification ... I thought the option affected the whole context ... I thought it was my mistake, so what is the best option to hide the header in the HTTP node routes? What is your recommendation?

I take this opportunity to thank you for the excellent work you have done.