Express.js
Rate Limiting and Security Best Practices in Express.js
I spent a solid week tightening security on an Express app and wrote down everything that tripped me up — rate limiting, security headers, CORS, input sanitization, and cookie hardening. This is that list, dressed up as a blog post.