[Done] Hide Potentially Dangerous Information Using helmet.hidePoweredBy()

As per the first challenge, I installed helmetJS

	"dependencies": {
		"express": "^4.14.0",
		"helmet": "^3.12.1"

and then required it:

var helmet = require('helmet');

But when I run:


I get the following error from the freeCodeCamp page:
// running test
expected ‘Express’ to not equal ‘Express’
// tests completed

I’m inclined to think I’ve made a mistake rather than there being a glitch, but I copied and pasted the code from the module’s page on GitHub. I’ve tried using a few different versions of the package, but no luck there.

Any thoughts?


I’m guessing there was a backend glitch that got fixed. I went back today, ran the same code and it passed.


First please share the challenge code, plus the full code you tried and failed.

This could be about one very small issue (but I’m not sure). That is my guess, since another user had the same issue recently; you may check it here

This could be because you copied some text which is based on UTF-8, and the test expected ASCII; you may remove the following

	"dependencies": {
		"express": "^4.14.0",
		"helmet": "^3.12.1"

And just type it (no copy-paste); hope this helps.


Thanks for getting back to me.

I mentioned it above, but coming back to the same challenge two days later, the code ran and passed the test on the first try. I ran it 2-3 more times to make sure it’s not a fluke. Maybe something got updated in the intervening time?

I will keep your comments in mind though for future problems!


Same issue here. It wasn’t passing with the same error log then I tried again 5 minutes later and it worked.


That is good to hear. Anyway, I opened a Support request in order to try to raise the issue to the team, if you want to follow it…

Express provides an option to simply turn off powered by


I had the same issue. I just reloaded my Glitch page and then reloaded the site preview. Once I did that, the URL passed the test.

However, I went to view the headers after adding that code and I’m still able to see the “x-powered-by: Express” header within Chrome dev tools. Any ideas on why this is the case? Is it because the tools are picking up that Glitch is powered by Express perhaps?

Link to project:


I just completed this challenge and wanted to add my experience to help others who may have difficulty.

Despite many reloads, I was unable to set the “x-powered-by” field in the header to nothing using helmet.hidePoweredBy().

I had to set the “x-powered-by” field to something else in order to pass the freeCodeCamp challenge. I used helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }) to make it appear as an Apache server.

Interesting issue.
When I entered the following in my Glitch app,

Firefox developer tools showed ‘x-powered-by: Express’.

Yet, when I entered this in my app,
app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }));

I see ‘x-powered-by: PHP 4.2.0’.

Well, that was frustrating.
Just posting to say thank you, because I was having the same issue and “walk away for five minutes” fixed it.

Thank you. I tried this code in myApp.js and while the “x-powered-by” header changed correctly, the error "expected ‘Express’ to not equal ‘Express’" remains. Could you please guide?

let helmet = require('helmet');
app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }));

Thank you


Same with me… Was juuuuust about to be frustrated when I thought I better come in here and see if anyone is having buggy issues… reloaded Glitch, relaunched the site preview, and it passed…


If the same exercise with the same code is run in Mozilla Firefox, the test cases pass, so I believe this one is yet another challenge which does not work on Chrome, as I was getting the same issue on Chrome.

I had a similar problem with this challenge using the VS Code Glitch plugin (which is super nice!). Even though the myApp.js code reflected the changes in VS Code, I had to refresh the Glitch project page and then submit the Live URL; it worked then with

app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }));